You can add ESXi hosts to an existing Trusted Cluster using the vSphere Client.

After you have initially configured a Trusted Cluster, you might want to add more ESXi hosts. However, when you add the host to a Trusted Cluster, you must take the additional step of remediation. When you remediate the Trusted Cluster, you ensure that its desired configuration state matches its applied configuration.

In the first version of vSphere Trust Authority released in vSphere 7.0, you run scripts to add a host to an existing Trusted Cluster. Starting in vSphere 7.0 Update 1, you use the remediate functionality to add a host to a Trusted Cluster. In vSphere 7.0 Update 1, you still must use scripts to add a host to an existing Trust Authority Cluster. See Adding and Removing vSphere Trust Authority Hosts.


The vCenter Server for the Trusted Cluster must be running vSphere 7.0 Update 1 or later.

If you are adding an ESXi host that has a different ESXi version, or a different TPM hardware type, than what you initially configured for the Trusted Cluster, additional steps are required. You must export and import this information to the vSphere Trust Authority Cluster. See Collect Information About ESXi Hosts and vCenter Server to Be Trusted and Import the Trusted Host Information to the Trust Authority Cluster.

Required privileges: See the add hosts tasks in Required Privileges for Common Tasks.


  1. Connect to the vCenter Server of the Trusted Cluster by using the vSphere Client.
  2. Log in as a Trust Authority administrator.
  3. Navigate to a Trusted Cluster.
  4. On the Configure tab, select Configuration > Quickstart.
  5. Click Add in the Add hosts card.
  6. Follow the prompts.
  7. On the Trust Authority tab, click Remediate.
  8. To verify that the Trusted Cluster is healthy, click Check Health.