Making a vCenter Server cluster into a vSphere Trust Authority Cluster (also called enabling the Trust Authority State) starts the required Trust Authority services on the ESXi hosts in the cluster.

Prerequisites

Procedure

  1. In a PowerCLI session, run the Connect-VIServer cmdlet to connect as the Trust Authority administrator user to the vCenter Server of the Trust Authority Cluster.
    Connect-VIServer -server TrustAuthorityCluster_VC_ip_address -User trust_admin_user -Password 'password'
  2. To check the current state of the cluster, run the Get-TrustAuthorityCluster cmdlet.
    For example, this command shows that the cluster named vTA Cluster is in the Disabled state.
    Get-TrustAuthorityCluster
    
    Name                 State                Id
    ----                 -----                --
    vTA Cluster          Disabled             TrustAuthorityCluster-domain-c8
    The output shows either Disabled or Enabled in the State column for each cluster found. Disabled means that the Trust Authority services are not running.
  3. To enable the Trust Authority Cluster, run the Set-TrustAuthorityCluster cmdlet.
    For example, this command enables the cluster vTA Cluster.
    Set-TrustAuthorityCluster -TrustAuthorityCluster 'vTA Cluster' -State Enabled
    The system responds with a confirmation prompt.
    Confirmation
    Setting TrustAuthorityCluster 'vTA Cluster' with new State 'Enabled'. Do you want to proceed?
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):
  4. At the confirmation prompt, press Enter. (The default is Y.)
    The output shows the state of the cluster. For example, the following shows that cluster vTA Cluster has been enabled:
    Name                 State                Id
    ----                 -----                --
    vTA Cluster          Enabled              TrustAuthorityCluster-domain-c8

Results

Two services start on the ESXi hosts in the Trust Authority Cluster: the Attestation Service and the Key Provider Service.

Example: Enable the Trusted State on the Trust Authority Cluster

This example shows how to use PowerCLI to enable services on the Trust Authority Cluster. The following table shows the example components and values that are used.

Table 1. Example vSphere Trust Authority Setup

Component                                     Value
---------                                     -----
vCenter Server for Trust Authority Cluster    192.168.210.22
Trust Authority Cluster name                  vTA Cluster
Trust Authority administrator                 [email protected]

PS C:\Users\Administrator.CORP> Disconnect-VIServer -server * -Confirm:$false
PS C:\Users\Administrator.CORP> Connect-VIServer -server 192.168.210.22 -User [email protected] -Password 'VMware1!'

Name                           Port  User
----                           ----  ----
192.168.210.22                 443   VSPHERE.LOCAL\trustedadmin

PS C:\Users\Administrator.CORP> Get-TrustAuthorityCluster

Name                 State                Id
----                 -----                --
vTA Cluster          Disabled             TrustAuthorityCluster-domain-c8

PS C:\Users\Administrator.CORP> Set-TrustAuthorityCluster -TrustAuthorityCluster 'vTA Cluster' -State Enabled 

Confirmation
Setting TrustAuthorityCluster 'vTA Cluster' with new State 'Enabled'. Do you want to proceed?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Name                 State                Id
----                 -----                --
vTA Cluster          Enabled              TrustAuthorityCluster-domain-c8
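
A scripted, non-interactive variant of the session above, added here as an example and not part of the VMware documentation. It prompts for the credential instead of passing -Password on the command line, enables the cluster only when it is not already Enabled, and fails if the state is not Enabled afterward. The function name Enable-VtaCluster is hypothetical; the server address and cluster name are the example values from Table 1.

```powershell
# Added example: idempotent enablement of a Trust Authority Cluster.
# Enable-VtaCluster is a hypothetical helper name, not a PowerCLI cmdlet.
function Enable-VtaCluster {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $ClusterName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    $ErrorActionPreference = 'Stop'

    # A PSCredential keeps the password out of the command line and session history.
    $vc = Connect-VIServer -Server $Server -Credential $Credential
    try {
        # Select the cluster by exact name; stop if it is missing or ambiguous.
        $found = @(Get-TrustAuthorityCluster -Server $vc |
                   Where-Object { $_.Name -eq $ClusterName })
        if ($found.Count -ne 1) {
            throw "Expected one Trust Authority Cluster named '$ClusterName', found $($found.Count)."
        }

        if ("$($found[0].State)" -ne 'Enabled') {
            # -Confirm:$false answers the confirmation prompt shown in step 3.
            Set-TrustAuthorityCluster -TrustAuthorityCluster $found[0] `
                -State Enabled -Confirm:$false | Out-Null
        }

        # Re-read the state from vCenter Server rather than trusting the Set output.
        $after = Get-TrustAuthorityCluster -Server $vc |
                 Where-Object { $_.Name -eq $ClusterName }
        if ("$($after.State)" -ne 'Enabled') {
            throw "Cluster '$ClusterName' is in state '$($after.State)', expected 'Enabled'."
        }
        $after
    }
    finally {
        # Close only the session this function opened.
        Disconnect-VIServer -Server $vc -Confirm:$false
    }
}

# Example values from Table 1; Get-Credential prompts for the
# Trust Authority administrator user name and password.
Enable-VtaCluster -Server '192.168.210.22' -ClusterName 'vTA Cluster' -Credential (Get-Credential)
```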

What to do next

Continue with Collect Information About ESXi Hosts and vCenter Server to Be Trusted.