This is one of my favorite features in vSphere 7 Update 2. VMware now provides a new native key provider for encryption, allowing us to use vSAN encryption, VM encryption and vTPM natively without having to deploy an external key provider. In the past, this capability could only be provided by third-party solutions like HyTrust KeyControl. In this post I will explain how easy it is to configure and deploy this awesome new feature.

Go to [Configure > Key Providers] to add the local key provider.

Select [ADD > Add Native Key Provider].

Provide a Name and press [ADD KEY PROVIDER].

Back up the master keys.

Save the Native Key Provider key file in a secure location. Optionally, protect the key file with a strong password.

Verify that the ESXi server's Host Encryption Mode is [Enable].

Test the configuration by encrypting an existing VM.

Change the default “VM Storage Policy” to [VM Encryption Policy].

Now the VM is encrypted with the Native Key Provider. Really Awesome Feature.
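
The host encryption mode and per-VM encryption checked in the UI above can also be read from the vSphere API properties `Runtime.CryptoState` and `Config.KeyId`, which PowerCLI exposes under `ExtensionData`. The script below is an added example, not part of the original post; the helper function names, the provider name `NKP-01` and the sample hosts and VMs are constructed assumptions.

```powershell
# Added example. Helper names, 'NKP-01' and the sample inventory are constructed.
# Input objects are shaped like PowerCLI Get-VMHost / Get-VM output, whose
# ExtensionData exposes the vSphere API HostSystem / VirtualMachine objects.
function Get-HostCryptoReport {
    param([Parameter(Mandatory)] [object[]] $VMHost)
    foreach ($h in $VMHost) {
        $state = $h.ExtensionData.Runtime.CryptoState
        [pscustomobject]@{
            Host        = $h.Name
            CryptoState = $state
            Enabled     = ($state -eq 'safe')   # API value for an enabled host
        }
    }
}

function Get-VMEncryptionReport {
    param(
        [Parameter(Mandatory)] [object[]] $VM,
        [Parameter(Mandatory)] [string]   $ExpectedProvider
    )
    foreach ($v in $VM) {
        $keyId    = $v.ExtensionData.Config.KeyId   # $null when not encrypted
        $provider = if ($keyId) { $keyId.ProviderId.Id } else { $null }
        [pscustomobject]@{
            VM           = $v.Name
            Encrypted    = [bool]$keyId
            KeyProvider  = $provider
            UsesExpected = ($provider -eq $ExpectedProvider)
        }
    }
}

# Constructed stand-ins so the script runs without a vCenter connection.
function New-SampleHost($name, $state) {
    [pscustomobject]@{ Name = $name; ExtensionData = [pscustomobject]@{
        Runtime = [pscustomobject]@{ CryptoState = $state } } }
}
function New-SampleVM($name, $providerId) {
    $key = if ($providerId) { [pscustomobject]@{ KeyId = 'constructed-key-id'
        ProviderId = [pscustomobject]@{ Id = $providerId } } } else { $null }
    [pscustomobject]@{ Name = $name; ExtensionData = [pscustomobject]@{
        Config = [pscustomobject]@{ KeyId = $key } } }
}

$hosts = (New-SampleHost 'esx01.lab.example' 'safe'), (New-SampleHost 'esx02.lab.example' 'incapable')
$vms   = (New-SampleVM 'app01' 'NKP-01'), (New-SampleVM 'app02' $null)
Get-HostCryptoReport -VMHost $hosts | Format-Table
Get-VMEncryptionReport -VM $vms -ExpectedProvider 'NKP-01' | Format-Table
# Live use after Connect-VIServer: pass (Get-VMHost) and (Get-VM) instead.
```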
