If a Trusted Cluster's configuration is not healthy, you must resolve the configuration inconsistencies. You do so by remediating the Trusted Cluster. When you remediate a Trusted Cluster, you ensure that all the Trusted Hosts in the Trusted Cluster have the same trusted configuration.
A Trusted Cluster consists of a vCenter Server cluster of Trusted ESXi Hosts that are remotely attested by the Trust Authority Cluster. When you configure vSphere Trust Authority initially, you must import the Trust Authority Services information from your Trust Authority Cluster into the Trusted Cluster. The Trusted Cluster uses that configuration of components for contacting the Key Provider Service and the Attestation Service running on the Trust Authority Cluster. For more information about configuring a Trusted Cluster, see Import the Trust Authority Cluster Information to the Trusted Hosts. After you configure a Trusted Cluster, you can check and remediate its health.
Trusted Cluster Health Overview
Checking the health of a Trusted Cluster depends upon the following.
- Desired state configuration
- The desired state configuration is based on the Trust Authority Services information that you import into the Trusted Cluster. The desired state configuration is the Trusted Cluster's "source of truth." Think of the desired state configuration as what is initially created when you set up the Trusted Cluster.
- Applied configuration
- The applied configuration is the registration of the specific Attestation Services and Key Provider Services for which you have configured the Trusted Cluster. The applied configuration is what the Trusted Cluster is running currently. You can think of the applied configuration as the "run-time" configuration. The desired state configuration should match the applied configuration. However, if the applied configuration is inconsistent with the desired state configuration, the Trusted Cluster is deemed "not healthy." A Trusted Cluster that is not healthy can experience degraded performance or not function at all.
This health check is not an indicator of the overall health for either a Trusted Cluster or the vSphere Trust Authority infrastructure. The health check only compares the Trusted Cluster's desired state configuration to the applied configuration.
Trusted Cluster Remediation Overview
Remediation is the process by which vSphere Trust Authority resolves an inconsistent configuration of a Trusted Cluster. A Trusted Cluster's configuration can become inconsistent over time or due to other operational errors.
Use remediation in the following way:
- Check the Trusted Cluster health.
- If the Trusted Cluster is unhealthy, remediate it.
You can use either the vSphere Client or the CLI to check the Trusted Cluster health. See Check Trusted Cluster Health. You can also use either the vSphere Client or the CLI to remediate a Trusted Cluster. See Remediate a Trusted Cluster.