After you create a vSphere Native Key Provider on one vCenter Server in an Enhanced Linked Mode configuration, you can use the vSphere Client to import it to another vCenter Server in the configuration.

You can configure a single vSphere Native Key Provider that is shareable across vCenter Server systems configured in an Enhanced Linked Mode (ELM) configuration. You create the vSphere Native Key Provider on one vCenter Server system in the Enhanced Linked Mode configuration, then use the Restore function to import the encrypted key file to the other ELM-connected vCenter Server systems.

Prerequisites

  • Required privilege: Cryptographic operations.Manage key servers
  • Create the vSphere Native Key Provider on one of your vCenter Server systems in the Enhanced Linked Mode configuration. See Configure a vSphere Native Key Provider.
  • Back up the vSphere Native Key Provider and download the backup encrypted key file. See Back up a vSphere Native Key Provider. Place the backup encrypted key file in a secure location that you can access when importing it.

Procedure

  1. With the vSphere Client, log in to a vCenter Server in the Enhanced Linked Mode configuration where you want to import the vSphere Native Key Provider.
  2. Browse the inventory list and select the vCenter Server instance.
  3. Click Configure, and under Security click Key Providers.
  4. Click Restore.
  5. Browse to the file location where you stored the vSphere Native Key Provider backup encrypted key file.
    The file was saved in PKCS#12 format.
  6. Select the file.
  7. (Optional) If the file is password protected, enter the password.
  8. Click Next.
  9. (Optional) If you decided to use this key provider only with TPM-protected ESXi hosts, select the check box.
  10. Click Finish.

Results

The vSphere Native Key Provider is imported to the vCenter Server. To use the vSphere Native Key Provider for encryption tasks, ensure that you first select it in the Key Provider pane and click Set as Default.

What to do next

Repeat these steps for other vCenter Server systems in your Enhanced Linked Mode configuration to which you want to add the vSphere Native Key Provider.
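
A pre-import check for the backup encrypted key file selected in step 5, as an added example that is not VMware code: it reports whether the file is accessible to anyone other than its owner, whether it has the outer structure of a PKCS#12 file, and its SHA-256 digest, so you can confirm that the same file is restored on each vCenter Server. The function names and the POSIX workstation are assumptions; the structure check catches a wrong or truncated file, not tampering.

```python
# Added example (not VMware code); assumes POSIX; function names are hypothetical.
import hashlib
import os
import stat
import sys

def _der_len(buf, pos):
    """Decode the DER/BER length at buf[pos]; return (length or None, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    if first == 0x80:  # BER indefinite length: size not known up front
        return None, pos + 1
    n = first & 0x7F
    if n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated length field")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def looks_like_pkcs12(data):
    """True if data opens as a PFX: SEQUENCE { INTEGER 3, SEQUENCE ... }."""
    try:
        if data[0] != 0x30:
            return False
        total, pos = _der_len(data, 1)
        if total is not None and pos + total > len(data):
            return False  # file is shorter than its header claims
        return data[pos:pos + 3] == b"\x02\x01\x03" and data[pos + 3] == 0x30
    except (IndexError, ValueError):
        return False

def check_backup(path):
    """Return (sha256_hex, problems) for a backup encrypted key file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:03o} grants group/other access")
    with open(path, "rb") as fh:
        data = fh.read()
    if not looks_like_pkcs12(data):
        problems.append("not a complete PKCS#12 (PFX) structure")
    return hashlib.sha256(data).hexdigest(), problems

if __name__ == "__main__":
    digest, problems = check_backup(sys.argv[1])
    print("\n".join([f"sha256: {digest}"] + [f"WARNING: {p}" for p in problems]))
    sys.exit(1 if problems else 0)
```

Run it with the path to the backup file as the only argument; a non-zero exit status means at least one warning was printed.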