Understanding vSphere Native Key Provider process flows is essential to learning how to configure and manage your vSphere Native Key Provider.
You can use the built-in vSphere Native Key Provider to power encryption-based virtual TPMs (vTPM). vSphere Native Key Provider is included in all vSphere editions and does not require an external key server (KMS). To use vSphere Native Key Provider for vSphere Virtual Machine Encryption, you must purchase the vSphere Enterprise+ edition.
Configuring vSphere Native Key Provider
Configuring vSphere Native Key Provider involves these basic operations:
- A user with the appropriate administrative privileges uses the vSphere Client to create a vSphere Native Key Provider on a vCenter Server.
- The vCenter Server then configures the vSphere Native Key Provider for all clusters of ESXi hosts.
In this step, vCenter Server pushes a primary key to all ESXi hosts in the cluster. Likewise, if you update or delete a vSphere Native Key Provider, the change is pushed to the hosts in the cluster.
- Users with the appropriate cryptographic privileges create vTPMs and encrypted virtual machines (provided you have purchased the vSphere Enterprise+ edition).
See Securing Virtual Machines with Virtual Trusted Platform Module and Use Encryption in Your vSphere Environment.
vSphere Native Key Provider Encryption Process Flow
To understand how different components interact to perform an encryption task using vSphere Native Key Provider, see Encryption Process Flow.