Setting Up Native Key Provider for vCenter Server in Linked Mode

Article ID: 397091

Products

VMware vSphere ESXi

Issue/Introduction

This article will guide you through the process of setting up a vSphere Native Key Provider in Linked Mode.

Using a single Native Key Provider in Linked Mode offers several advantages:

  • Simplified Key Management: Instead of managing individual keys for each vCenter Server, you have a centralized point of control for all encryption keys.
  • Consistent Encryption Policies: This ensures that all your virtual machines are encrypted using the same standards and policies across your vSphere environment.
  • Cross-vCenter vMotion: Allows you to seamlessly migrate encrypted virtual machines between clusters managed by different vCenter Servers within the linked mode group.

Environment

VMware vCenter Server 7.x
VMware vCenter Server 8.x

Resolution

Steps to Set Up Native Key Provider in Linked Mode:

  1. Choose a vCenter Server: Select one of the vCenter Servers in your Enhanced Linked Mode (ELM) group to act as the central key management server.

  2. Create the Native Key Provider:

    • Navigate to the Home tab in the vCenter Server.
    • Go to Settings > Security > Key Providers.
    • Click Add.
    • Select vSphere Native Key Provider and click Next.
    • Configure the key provider settings, including the name and password.
    • Click Next and Finish to complete the creation.

  3. Back Up and Export:

    • After creating the key provider on the chosen vCenter, back up the configuration.
    • You can export the configuration file to a safe location for later use.

  4. Restore on Other vCenter Servers:

    • On each of the remaining vCenter Servers in your ELM group, restore the backup you just created.
    • Use the same password you configured for the original key provider.

Additional Information