Always set up a KMS cluster for redundancy.
In the event of a single KMS failure and the KMS vendor determines a replacement is required follow the below steps to get the KMS server replaced.
1) Make sure the KMS vendor is engaged to assist
2) Deploy a new KMS server with KMS vendors guidance
3) Create a new KMS cluster
For 6.7 Select the vCenter in the left hand pane > Configure > Key Management Server > Add > complete the wizard
![image.png](https://api-broadcomcms-software.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=1512277151054)
For 7.0 Select the vCenter in the left hand pane > Configure > Key Providers > Add Standard Key Provider and complete the wizard setup
![image.png](https://api-broadcomcms-software.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=1512275622039)
4) Point vSAN to the new KMS cluster
For 6.7 Select vSAN cluster > Configure > Services > Encryption > Edit
![image.png](https://api-broadcomcms-software.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=1512272370904)
For 7.0 Select vSAN cluster > Configure > Services > Data-At-Rest-encryption > Edit
![image.png](https://api-broadcomcms-software.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=1512274250223)