Depois de importar as informações do Cluster vSphere Trust Authority para o Cluster Confiável, os Hosts Confiáveis iniciam o processo de atestado com o Cluster do Trust Authority.
Pré-requisitos
- Ativar o Administrador do Trust Authority.
- Ativar o estado do Trust Authority.
- Coletar informações sobre hosts ESXi e vCenter Server confiáveis.
- Importar as Informações do Host Confiável para o Cluster do Trust Authority.
- Criar o Provedor de Chave no Cluster do Trust Authority.
- Exportar as informações de cluster do Trust Authority.
Procedimento
Resultados
Os hosts confiáveis ESXi no cluster confiável iniciam o processo de atestado com o cluster do Trust Authority.
Exemplo: Importar as informações de cluster do Trust Authority para os hosts confiáveis
Este exemplo mostra como importar as informações do serviço de Cluster do Trust Authority para o Cluster Confiável. A tabela a seguir mostra os componentes e os valores de exemplo que são usados.
Componente | Valor |
---|---|
vCenter Server do cluster confiável | 192.168.110.22 |
Administrador do Trust Authority | [email protected] |
Nome do cluster confiável | Cluster confiável |
ESXi hosts no Cluster do Trust Authority | 192.168.210.51 e 192.168.210.52 |
Variável $TC |
Get-TrustedCluster -Name 'Trusted Cluster' |
PS C:\Users\Administrator.CORP> Disconnect-VIServer -server * -Confirm:$false PS C:\Users\Administrator.CORP> Connect-VIServer -server 192.168.110.22 -User [email protected] -Password 'VMware1!' Name Port User ---- ---- ---- 192.168.110.22 443 VSPHERE.LOCAL\trustedadmin PS C:\Users\Administrator.CORP> Get-TrustedCluster Name State Id ---- ----- -- Trusted Cluster Disabled TrustedCluster-domain-c8 PS C:\Users\Administrator.CORP> $TC = Get-TrustedCluster -Name 'Trusted Cluster' PS C:\Users\Administrator.CORP> $TC Name State Id ---- ----- -- Trusted Cluster Disabled TrustedCluster-domain-c8 PS C:\Users\Administrator.CORP> Import-TrustAuthorityServicesInfo -FilePath C:\vta\clsettings.json Confirmation Importing the TrustAuthorityServicesInfo into Server '192.168.110.22'. Do you want to proceed? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y ServiceAddress ServicePort ServiceGroup -------------- ----------- ------------ 192.168.210.51 443 host-13:86f7ab6c-ad6f-4606-... 192.168.210.52 443 host-16:86f7ab6c-ad6f-4606-... 192.168.210.51 443 host-13:86f7ab6c-ad6f-4606-... 192.168.210.52 443 host-16:86f7ab6c-ad6f-4606-... PS C:\Users\Administrator.CORP> Set-TrustedCluster -TrustedCluster $TC -State Enabled Confirmation Setting TrustedCluster 'Trusted Cluster' with new TrustedState 'Enabled'. Do you want to proceed? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Name State Id ---- ----- -- Trusted Cluster Enabled TrustedCluster-domain-c8 PS C:\Users\Administrator.CORP> $TC = Get-TrustedCluster -Name 'Trusted Cluster' PS C:\Users\Administrator.CORP> $tc.AttestationServiceInfo ServiceAddress ServicePort ServiceGroup -------------- ----------- ------------ 192.168.210.51 443 host-13:dc825986-73d2-463c-... 192.168.210.52 443 host-16:dc825986-73d2-463c-... PS C:\Users\Administrator.CORP> $tc.KeyProviderServiceInfo ServiceAddress ServicePort ServiceGroup -------------- ----------- ------------ 192.168.210.51 443 host-13:dc825986-73d2-463c-... 192.168.210.52 443 host-16:dc825986-73d2-463c-...
O que Fazer Depois
Continue com Configurar o provedor de chaves confiáveis para hosts confiáveis usando o vSphere Client ou Configurar o provedor de chaves confiáveis para hosts confiáveis usando a linha de comando.