VMware Cloud Community
cbeem
Contributor

TPM and Windows 11 on ESXi 7.0 U3

Hi, my first post because I have not been able to answer this myself.

This current setup is installed in an SMB; as such, the company has an Essentials license (3 hosts). So whatever I do here has to work on an Essentials license.

I have used ESXi on IBMs in this company for years now, from ESXi 4 and now on 7 U3.  In 12 years of running ESXi on IBMs, we have only once had any downtime on a backup server related to VMware.  This is rock solid software.

I have installed the Product Evaluation Center for VMware vSphere 7.0 Update3d and it works a treat on our current IBM/Lenovo servers.  No upgrade issues from 6.7 U3.  Some performance tuning to get ESXi 7 going well on a brand new SR650, but going like a rocket. 

Mostly the company runs Windows servers and Linux mail systems.  But there are a handful of Win 10 VMs.

The question is of course about TPM on Win 11...  I understand that vTPM is only supported on enterprise licenses?  What about SMBs running essentials?  If we are unable to run a couple of Win 11 VMs on our vSphere that is a showstopper.  I don't want to hack the install, because MS is likely to cease support for the OS upgrades etc.

I run into the error "The host does not support Native key provider".

The SR650 has a TPM 2.0 installed.  Can this be used directly by VMs running on hosts in vCenter Server essentials? If so, how?

Thanks 🙂

0 Kudos
3 Replies
Kinnison
Commander

Hi,


AFAIK, according to recent documentation, the native key provider and the vTPM functionality are included in all (the paid ones, because you need vCenter to configure a cluster) vSphere editions. Please have a look:

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-54B9FBA2-FDB1-400...
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-6F811A7A-D58B-47B...


In my environment I recently deployed an ESXi host (7.0U3D) with the corresponding vCenter VCSA (7.0U3D), "essential" licensed, and I did not find any issue setting up the "native key provider", a cluster, and then adding a vTPM to a purpose-built virtual machine. Of course I just wanted to test it, so your mileage may vary.


Hope this helps,


Regards,
Ferdinando

0 Kudos
cbeem
Contributor

Thank you very much!

I note that the hosts have to be in a cluster, which mine are not.  But that should be easily fixed.

That's great information, much appreciated.  I will try this in the next couple of days.

Cliff 🙂

0 Kudos
Kinnison
Commander

Hi,

Before making changes, have a good backup of your vCenter; it is always better to be "safe than sorry". As you know, the bare essential license does not include support, only "pay for incident". Also make sure your backup solution is able to deal with (partially) encrypted virtual machines; do not make assumptions, test.

Regards,

Ferdinando

0 Kudos