Connect a vCenter Server System to a Key Provider
Article ID: 329104

Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

Before you can use vSphere Virtual Machine Encryption to perform encryption operations, you must connect your vCenter Server to a Key Provider. The exact steps depend on the process that the vendor supports, and on the vendor options.

This KB article explains how to connect vCenter Server to a Key Provider. Because the process differs between vendors and product versions, this article gives only an overview.

Prerequisites

Before you start this process, you have to install the Key Provider in your environment. Follow the instructions from the Key Provider vendor.



Environment

vSphere 7.0 and later

Resolution

vSphere 7.0.x

Task 1: Create the Key Provider

  1. Log in to the vCenter Server with the vSphere Web Client and select the vCenter Server in the inventory list.
  2. Click Configure and click Key Providers.
  3. Click Add Standard Key Provider, specify the following information, and click Add Key Provider.
    KMS/Key Provider cluster: Select Create new cluster for a new cluster, or select an existing cluster.
    Cluster name: Name of the Key Provider cluster that you want to create.
    Server alias: Use this alias to connect to the Key Provider if your vCenter Server instance becomes unavailable.
    Server address and port: IP address or FQDN of the KMS/Key Provider, and the port on which vCenter Server connects to the Key Provider.
    Proxy address and port: Optional proxy address and port for connecting to the Key Provider.
    Username and password: Some Key Provider vendors allow users to isolate encryption keys that are used by different users or groups by specifying a user name and password. Specify a user name only if your Key Provider supports this functionality, and if you intend to use it.
  4. If you want to use that Key Provider as the default source of keys, click OK when prompted.
  5. Click Trust in the Trust Certificate dialog box to trust the Key Provider.

Task 2: Set up the Key Provider to Trust vCenter Server

Refer to the VMware Compatibility Guide for certified Key Providers under Platform and Compute, as well as links to partner public-facing content, for steps to configure a Key Provider with VMware vSphere.

Task 3: Verify or Finalize the Trust Setup

Refresh the Key Management Server screen to verify that the trust relationship is now established. The Connection Status for the Key Provider server shows Normal (green check mark).

To integrate with vendor Key Providers, please follow the certified vendor list at VMware Compatibility Guide.

 

vSphere 8.0.x

Task 1: Create the Key Provider

  1. Log in to the vCenter Server with the vSphere Web Client and select the vCenter Server in the inventory list.
  2. Click Configure and click Key Providers.
  3. Click Add and select Add Standard Key Provider, specify the following information, and click Add Key Provider.
    Name: Name for the key provider. Each logical key provider, regardless of its type (Standard, Trusted, and Native Key Provider), must have a unique name across all vCenter Server systems.
    KMS: Alias for the key server (KMS).
    Address: IP address or FQDN of the key server.
    Port: Port on which vCenter Server connects to the key server.
    Proxy server: Optional proxy server address for connecting to the key server.
    Proxy port: Optional proxy port for connecting to the key server.
    Some key server vendors allow users to isolate encryption keys that are used by different users or groups by specifying a user name and password.
    Username: Specify a user name only if your key server supports this functionality, and if you intend to use it.
    Password: Specify a password only if your key server supports this functionality, and if you intend to use it.
  4. Click Trust in the Trust Certificate dialog box to trust the Key Provider.

Task 2: Set up the Key Provider to Trust vCenter Server

Refer to the VMware Compatibility Guide for certified Key Providers under Platform and Compute, as well as links to partner public-facing content, for steps to configure a Key Provider with VMware vSphere.

Task 3: Verify or Finalize the Trust Setup

Refresh the Key Management Server screen to verify that the trust relationship is now established. The Connection Status for the Key Provider server shows Normal (green check mark).

To integrate with vendor Key Providers, please follow the certified vendor list at VMware Compatibility Guide.
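In both the vSphere 7.0.x and 8.0.x procedures above, the Trust Certificate dialog in Task 1 asks you to accept the certificate the Key Provider presents on its KMIP port. The certificate shown there is only as trustworthy as the network path between vCenter Server and the KMS at that moment, so a practitioner compares its fingerprint with a value obtained out of band from the KMS administrator before clicking Trust. The following script is an added example, not code from the KB article or from VMware: it fetches the certificate the KMS presents on its KMIP port (5696 is the IANA-assigned KMIP port; the hostname and expected fingerprint are placeholders you replace), computes the SHA-256 fingerprint in the colon-separated layout, and reports whether it matches the pinned value.

```python
"""Out-of-band fingerprint check for a Key Provider (KMS) certificate.

Added example, not part of the VMware KB article. Run it from a host whose
network path to the KMS you trust, and compare the result with the value the
KMS administrator supplied out of band before accepting the certificate in
the vSphere Client's Trust Certificate dialog.
"""
import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes, algorithm: str = "sha256") -> str:
    """Return the certificate digest as colon-separated upper-case hex pairs,
    the layout certificate dialogs and most CLI tools display."""
    digest = hashlib.new(algorithm, der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so fingerprints copied from different tools
    (colons, spaces, lower case) compare equal."""
    return "".join(ch for ch in fp.upper() if ch in "0123456789ABCDEF")


def matches_pinned(der_cert: bytes, expected: str, algorithm: str = "sha256") -> bool:
    """True only if the presented certificate's digest equals the pinned value."""
    return normalize(fingerprint(der_cert, algorithm)) == normalize(expected)


def fetch_kms_certificate(host: str, port: int = 5696, timeout: float = 5.0) -> bytes:
    """Retrieve the leaf certificate the KMS presents on its KMIP port as DER bytes.

    Chain verification is disabled on purpose: no trust exists yet, and the
    fingerprint comparison performed by the caller is the actual check.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Placeholder values (assumptions, not from the article): replace with your
    # KMS address and the fingerprint the KMS administrator provided out of band.
    KMS_HOST = "kms.example.invalid"
    EXPECTED_FP = "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"
    cert = fetch_kms_certificate(KMS_HOST)
    print("Presented SHA-256:", fingerprint(cert))
    print("Matches pinned value:", matches_pinned(cert, EXPECTED_FP))
```

If the fingerprints differ, do not click Trust; treat it as either a certificate rotation the KMS administrator has not communicated or a device on the path interposing itself, and resolve that before continuing with Task 2. The same `fingerprint` helper works for the vCenter Server certificate that the KMS administrator must import in Task 2, so both sides of the mutual trust can be confirmed the same way.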

Additional Information

vSphere 7 - Configuring and Managing a Standard Key Provider

vSphere 8 - Configuring and Managing a Standard Key Provider