Using Virtual TPM in the VMware Host Client

The Trusted Platform Module (TPM) is a specialized chip that stores host-specific sensitive information, for example private keys and OS secrets. The TPM chip is also used to perform cryptographic tasks and attest the integrity of the platform.

The virtual TPM device is a software emulation of the TPM functionality. You can add a virtual TPM (vTPM) device to the virtual machines in your environment. The vTPM implementation does not require a physical TPM chip on the host. ESXi uses the vTPM device to exert the TPM functionality in your vSphere environment.

vTPM is available to virtual machines that have Windows 10 and Windows Server 2016 operating systems. The virtual machine must be of hardware version 14 or later.

You can add a virtual TPM device to a virtual machine only in the vCenter Server instance. For more information, see the vSphere Security documentation.

In the VMware Host Client, you can only remove the virtual TPM device from a virtual machine.

Using VBS in the VMware Host Client

Virtualization-based security (VBS) uses the Microsoft Hyper-V based virtualization technology to isolate core Windows OS services in a separate virtualized environment. Such isolation provides an additional level of protection, because it makes it impossible for the key services in your environment to be manipulated.

Enabling VBS on a virtual machine automatically enables the virtual hardware that Windows requires for the VBS feature. By enabling VBS, a variant of Hyper-V starts in the virtual machine and Windows starts running inside the Hyper-V root partition.

VBS is available on the latest Windows OS versions, for example Windows 10 and Windows Server 2016. To use VBS on a virtual machine, the virtual machine compatibility must be ESXi 6.7 and later.