You can add a standard key provider to your vCenter Server system from the vSphere Client or by using the public API.
The vSphere Client enables you to add a standard key provider to your vCenter Server system, and establish trust between the KMS and vCenter Server.
- You can add multiple Key Management Servers from the same vendor.
- If your environment supports solutions from different vendors, you can add multiple key providers.
- If your environment includes multiple key providers, and you delete the default key provider, you must set another default explicitly.
- You can configure the KMS with IPv6 addresses.
- Both the vCenter Server system and the KMS can be configured with only IPv6 addresses.
- Verify that the KMS is in the VMware Compatibility Guide for Key Management Servers (KMS) and is KMIP 1.1 compliant, and that it can be a symmetric key foundry and server.
- Verify that you have the required privileges: .
- Ensure that the KMS is highly available. Loss of connection to the KMS, such as during a power outage or a disaster recovery event, renders encrypted virtual machines inaccessible.
- Consider your infrastructure's dependencies on the KMS carefully. Some KMS solutions are delivered as virtual appliances, making it possible to create a dependency loop or other availability problem with poor placement of the KMS appliance.
- Log in to the vCenter Server system with the vSphere Client.
- Browse the inventory list and select the vCenter Server instance.
- Click Configure, and under Security click Key Providers.
- Click Add Standard Key Provider, enter the key provider information, and click Add Key Provider.
  You can click Add KMS to add more Key Management Servers.
- Click Trust.
vCenter Server adds the key provider and displays the status as Connected.
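The availability and dependency-loop prerequisites above can be checked on paper before a KMS appliance is placed. The following is an added example, not VMware code or part of the original page: it models a full power-off and reports which encrypted virtual machines could never power back on. The inventory, all names, and the rule that one reachable KMS is enough for a key provider to work are assumptions made for illustration.

```python
# Added example: cold-start analysis for KMS dependency loops.
# The inventory below is constructed sample data, not output from vCenter.

def cold_start_analysis(vms, providers):
    """Return (stuck_vms, dead_providers) after a full power-off.

    vms:       {vm_name: key_provider_name, or None if the VM is not encrypted}
    providers: {provider_name: [kms, ...]} where each kms is
               {"name": str, "hosted_on": vm_name, or None if the KMS
                runs outside the virtual infrastructure}
    """
    started = {vm for vm, provider in vms.items() if provider is None}
    available = set()
    changed = True
    while changed:  # least fixed point: repeat until nothing new comes up
        changed = False
        for name, servers in providers.items():
            if name in available:
                continue
            # Assumption: a provider works once any one of its KMS instances is up.
            if any(k["hosted_on"] is None or k["hosted_on"] in started
                   for k in servers):
                available.add(name)
                changed = True
        for vm, provider in vms.items():
            if vm not in started and provider in available:
                started.add(vm)
                changed = True
    return sorted(set(vms) - started), sorted(set(providers) - available)


# Constructed inventory (hypothetical names).
SAMPLE_VMS = {
    "kms-a-appliance": "provider-a",  # appliance encrypted by the provider it serves
    "db01": "provider-a",
    "kms-b-appliance": None,          # unencrypted appliance
    "app01": "provider-b",
    "dns01": None,
}
SAMPLE_PROVIDERS = {
    "provider-a": [{"name": "kms-a", "hosted_on": "kms-a-appliance"}],
    "provider-b": [{"name": "kms-b", "hosted_on": "kms-b-appliance"},
                   {"name": "kms-b2", "hosted_on": None}],
}

if __name__ == "__main__":
    stuck, dead = cold_start_analysis(SAMPLE_VMS, SAMPLE_PROVIDERS)
    print("VMs that cannot power on:", stuck)
    print("Key providers with no reachable KMS:", dead)
```

A KMS whose host VM is missing from the inventory is treated as never coming up, so incomplete data errs toward reporting a problem.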