You can set up your environment with different KMS connections for different users of the same KMS instance. Having multiple KMS connections is helpful, for example, if you want to grant different departments in your company access to different sets of KMS keys.

About this task

Creating multiple KMS clusters in vCenter Server allows you to segregate keys within the same KMS. Having separate sets of keys is essential for use cases such as different business units (BUs) or different customers.

Note:

Not all KMS vendors support multiple users.

Figure 1. Connecting from vCenter Server to the KMS for Two Different Users


Two KMS clusters are inside one vCenter Server. Each uses a different user name and password to connect to a different key store in the KMS.

Prerequisites

Set up the connection with the KMS. See Set up the Key Management Server Cluster.

Procedure

  1. Create the two users with corresponding user names and passwords, for example C1 and C2, on the KMS.
  2. Log in to vCenter Server and create the first KMS cluster.
  3. When prompted for a user name and password, enter the credentials that are unique to the first user (C1).
  4. Create a second KMS cluster and add the same KMS, but use the second user name and password (C2).

Results

The two clusters have independent connections to the KMS, and each uses a different set of keys.
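
The following check is an added example, not VMware code: it audits a list of KMS clusters and reports any that point at the same KMS without a separate user name, which would defeat the key segregation this procedure sets up. The inventory, its field names, the host names and the cluster names are constructed for illustration; only the user names C1 and C2 come from the procedure.

```python
from collections import defaultdict

# Constructed inventory: one entry per KMS cluster configured in vCenter Server.
# The field names are assumptions for this example, not a vCenter export format.
CLUSTERS = [
    {"cluster": "kms-cluster-c1", "address": "kms.example.com", "port": 5696, "user": "C1"},
    {"cluster": "kms-cluster-c2", "address": "KMS.example.com.", "port": 5696, "user": "C2"},
    {"cluster": "kms-cluster-c3", "address": "kms.example.com", "port": 5696, "user": "c1"},
    {"cluster": "kms-cluster-anon", "address": "kms.example.com", "port": 5696, "user": ""},
    {"cluster": "kms-other", "address": "kms2.example.com", "port": 5696, "user": "C1"},
]


def endpoint(entry):
    """Normalize host and port so spelling variants of one KMS compare equal."""
    host = entry["address"].strip().rstrip(".").lower()
    return (host, int(entry["port"]))


def audit_key_segregation(clusters):
    """Return (kind, endpoint, cluster_names) findings for clusters that
    reach the same KMS endpoint without a user name of their own."""
    by_identity = defaultdict(list)
    findings = []
    for entry in clusters:
        user = (entry.get("user") or "").strip()
        if not user:
            # No user name: this connection is not tied to a per-user key store.
            findings.append(("no-user", endpoint(entry), [entry["cluster"]]))
            continue
        # Conservative assumption: user names that differ only by case are
        # treated as the same KMS user and flagged for review.
        by_identity[(endpoint(entry), user.casefold())].append(entry["cluster"])
    for (ep, _user), names in sorted(by_identity.items()):
        if len(names) > 1:
            findings.append(("shared-user", ep, sorted(names)))
    return findings


if __name__ == "__main__":
    for kind, ep, names in audit_key_segregation(CLUSTERS):
        print(f"{kind}: {ep[0]}:{ep[1]} -> {', '.join(names)}")
```

Reusing a user name against a different KMS (kms-other above) is not reported, because that connection reaches a different key store.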