Per vmware docs, you can explicitly enable host encryption.
Enable Host Encryption Mode Explicitly
I can't seem to find a way to do that via powercli.
Any hints?
Thanks!
Found the powercli command: set-vmhost
set-vmhost ESX111 -KmsCluster (vmware.vimautomation.storage\get-kmscluster kmscluster111)
There are currently no cmdlets to do that.
You will have to use the API methods directly, i.e. ConfigureCryptoKey
But do you already have a KMS server in place?
To be done via the RegisterKmipServer method.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I forgot about the VMware.VMEncryption module.
That might help with the KMS part.
Mike did a post on that, see PowerCLI for VM Encryption
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks, LucD
Yup. Full KMS cluster in place, vm encryption has been working great, but recently, not all esx hosts are automatically entering safe mode to receive encrypted vms via vmotion/poweron.
I've opened a ticket with vmware support to investigate.
Found the powercli command: set-vmhost
set-vmhost ESX111 -KmsCluster (vmware.vimautomation.storage\get-kmscluster kmscluster111)
Thanks for sharing that.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference