Recently vCenter 7.0 Update 2 was released to the public, with new features and improvements. For me, one highlight was the introduction of the 'vSphere Native Key Provider' (NKP): a native KMS (Key Management Server), now also called a 'Key Provider'. This allows using features like VM Encryption, vSAN Encryption or virtual TPMs without spinning up or buying an external KMS server from a third-party vendor. However, as noted in the documentation, NKP is not meant to replace existing key servers and does not have the full functionality of other key provider solutions. Still, it's a great addition for home labs and smaller organizations, or as a temporary solution when migrating to an external one.

The configuration

Creating and configuring a Key Provider is done quickly.

Your Key Provider is now ready to be used in your environment.

After configuring, vCenter Server pushes the primary key to all ESXi hosts, which then generate data encryption keys; this can take a few minutes. When an NKP is deleted or updated, the change is also pushed to the hosts.

Additional information

Q: Can I use the Native Key Provider on multiple vCenters (including Enhanced Linked Mode)?