You must back up a vSphere Native Key Provider as part of a disaster recovery scenario, in case you must restore the key provider configuration. You can use the vSphere Client, PowerCLI, or API to back up the vSphere Native Key Provider.
vSphere Native Key Provider is backed up as part of the vCenter Server file-based backup. However, you must back up the vSphere Native Key Provider at least once before you can use it. When you create a vSphere Native Key Provider, it is not backed up.
A backup is necessary in case you must restore the configuration. To restore a vSphere Native Key Provider, see Restore a vSphere Native Key Provider Using the vSphere Client.
Keep the backup file in a secure location. You can password-protect the backup when you create it. The backup file is in PKCS#12 format.
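Once the backup file has been saved, a check like the following confirms that it is stored with restrictive permissions, cannot be opened with an empty password, and can be opened with the password you recorded. This is an added example, not VMware code; it assumes `openssl` is installed, that the password is supplied in a hypothetical `NKP_BACKUP_PASSWORD` environment variable, and that a backup exported without a password opens with an empty passphrase.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a saved vSphere Native Key Provider backup.
# Assumptions (not from the page): openssl is installed, the backup password
# is supplied in the NKP_BACKUP_PASSWORD environment variable, and a backup
# exported without a password opens with an empty passphrase.

# Return codes: 0 ok (prints SHA-256), 1 missing file, 2 loose permissions,
#               3 opens with empty password, 4 supplied password rejected.
check_nkp_backup() {
    local file="$1"

    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "missing or unreadable: $file" >&2
        return 1
    fi

    # Group and other permission bits (characters 5-10 of ls -l) must be clear.
    local group_other
    group_other=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "permissions too open on $file; restrict with chmod 600" >&2
        return 2
    fi

    # An empty passphrase must NOT be enough to open the PKCS#12 file.
    if openssl pkcs12 -in "$file" -noout -passin pass: >/dev/null 2>&1; then
        echo "backup opens with an empty password" >&2
        return 3
    fi

    # The recorded password must open the file, or a later restore will fail.
    if ! openssl pkcs12 -in "$file" -noout \
            -passin env:NKP_BACKUP_PASSWORD >/dev/null 2>&1; then
        echo "supplied password does not open the backup" >&2
        return 4
    fi

    # Fingerprint to record alongside the stored copy for integrity checks.
    openssl dgst -sha256 -r "$file" | cut -d' ' -f1
}
```

Passing the password through the environment keeps it out of the process argument list; unset the variable when the check is done.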
vCenter Server creates an alarm if a vSphere Native Key Provider has not been backed up. You can acknowledge the alarm, but it reappears every 24 hours until you have backed up the vSphere Native Key Provider.
Prerequisites
Required privilege:
Procedure
Results
The status of the vSphere Native Key Provider changes from Not Backed Up, to Warning, to Active. Warning indicates that the vCenter Server is still pushing the information to all the ESXi hosts in the data center. Active means that the information has been pushed to all the hosts.
What to do next
To add vTPMs to virtual machines, see Securing Virtual Machines with Virtual Trusted Platform Module. To encrypt virtual machines, see Using Encryption in Your vSphere Environment.