In vSphere Trust Authority, vCenter Server verifies and reports on a Trusted Host's attestation status. You can use the vSphere Client to view the attestation status of Trusted Hosts.

What Is vSphere Trust Authority Attestation Reporting

vSphere Trust Authority uses remote attestation for Trusted Hosts to prove the authenticity of their booted software. Attestation verifies that the Trusted Hosts are running authentic VMware software, or VMware-signed partner software. The vCenter Server of the Trusted Cluster communicates with the Trusted Host to get an internal attestation report. The attestation report specifies whether the Trusted Host has attested with the Attestation Service running on the Trust Authority Cluster. If the Trusted Host has not attested, the attestation report also specifies an error message. The vSphere Client displays the attestation status of a Trusted Host, and whether vSphere Trust Authority or vCenter Server attested the host.

Passed Attestation Status

A status of Passed indicates that the Trusted Host has attested with a vSphere Trust Authority Attestation Service, and the internal attestation report is available to vCenter Server.

Failed Attestation Status

A status of Failed indicates that the Trusted Host was not able to attest with any vSphere Trust Authority Attestation Service. The vCenter Server internal attestation report contains the error reported by the Attestation Service that the Trusted Host tried to attest with.

Handling Unattested Trusted Hosts

When a Trusted Host is unattested, virtual machines, including encrypted virtual machines, that are running on the Trusted Host continue to be accessible. You cannot power on virtual machines on an unattested Trusted Host. However, you can still add unencrypted virtual machines. When a Trusted Host is unattested, take steps to resolve the attestation problem. See Troubleshoot Trusted Host Attestation Problems.

Multiple Trust Authority Hosts and Attestation Reports

When you have configured multiple Trust Authority Hosts, there are potentially multiple attestation reports available from each host. When reporting status, the vSphere Client displays the status from the first "attested" report that it finds. If there are no "attested" reports, the vSphere Client displays the error from the first "unattested" report that it finds.

Even if you have configured multiple Trust Authority Hosts, the vSphere Client displays the status, and potentially an error message, from only one attestation report.
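
The display rule described above hides any other reports behind a single status, so a Passed host can still have unattested reports. The following added example (not VMware code) applies that rule to a constructed list of reports and also returns the errors that would not be shown; the `Report` fields, service names, and error strings are hypothetical and do not reflect a VMware API or schema.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Report:
    """One attestation report. Field names are hypothetical, not a VMware schema."""
    service: str                 # Attestation Service the Trusted Host tried
    attested: bool
    error: Optional[str] = None  # set only when the host did not attest


@dataclass
class DisplayedStatus:
    status: str                  # "Passed" or "Failed"
    source: str                  # service whose report was chosen for display
    error: Optional[str]         # error shown with a Failed status
    hidden_errors: List[str]     # errors in reports that were not chosen


def displayed_status(reports: List[Report]) -> DisplayedStatus:
    """First "attested" report wins; otherwise the first "unattested" one."""
    if not reports:
        # The page does not describe this case; treated as a caller error here.
        raise ValueError("no attestation reports")
    # If nothing attested, every report is unattested, so reports[0] is the
    # first "unattested" report.
    chosen = next((r for r in reports if r.attested), reports[0])
    hidden = [f"{r.service}: {r.error}" for r in reports
              if r is not chosen and not r.attested]
    return DisplayedStatus(
        status="Passed" if chosen.attested else "Failed",
        source=chosen.service,
        error=None if chosen.attested else chosen.error,
        hidden_errors=hidden,
    )


# Constructed sample: one Trusted Host, three reports, only the second attested.
SAMPLE = [
    Report("ta-host-1", False, "constructed error A"),
    Report("ta-host-2", True),
    Report("ta-host-3", False, "constructed error B"),
]

if __name__ == "__main__":
    print(displayed_status(SAMPLE))
```

A non-empty `hidden_errors` alongside a Passed status is the case worth checking, because the displayed status alone gives no sign of it.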