Losing those things will make it impossible to recover workloads if there is a problem. In the vSphere Client browse to the vCenter Server’s “Configure” tab, choose “Key Providers” on the left, and then Add a new Native Key Provider:įollow the prompts and be sure you protect the password you use as well as the encryption key that is downloaded as part of the initial backup. With this, customers of all sizes have better access to encryption technologies. It is driven by vCenter Server and clustered ESXi hosts and, to vSphere, enables nearly the same functionality as with a traditional Key Management Service (KMS). What did they tell us? “It’s not easy enough.”Ĭhallenge accepted! With vSphere 7 Update 2 we are proud to introduce the vSphere Native Key Provider, a mechanism to enable vTPM, VM Encryption, and vSAN Encryption that exists completely within vSphere itself. As vTPM use grows, through interest in security and mandates as part of compliance, we asked customers who weren’t using data-at-rest encryption what was holding them back.
Many customers are successfully using these features as part of their data-at-rest security strategies. VMware vSphere has serious data-at-rest protections, like vSAN Encryption, VM encryption, and virtual TPMs (vTPM) for workloads.
