VMware Cloud Community
jcw345
Contributor
Contributor
Jump to solution

Powercli command to enable host encryption

Per vmware docs, you can explicitly enable host encryption.

Enable Host Encryption Mode Explicitly

I can't seem to find a way to do that via powercli.

Any hints?

Thanks!

Reply
0 Kudos
1 Solution

Accepted Solutions
jcw345
Contributor
Contributor
Jump to solution

Found the powercli command: set-vmhost

set-vmhost ESX111 -KmsCluster (vmware.vimautomation.storage\get-kmscluster kmscluster111)

View solution in original post

5 Replies
LucD
Leadership
Leadership
Jump to solution

There are currently no cmdlets to do that.
You will have to use the API methods directly, i.e. ConfigureCryptoKey

But do you already have a KMS server in place?

To be done via the RegisterKmipServer method.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

I forgot about the VMware.VMEncryption module.

That might help with the KMS part.

Mike did a post on that, see PowerCLI for VM Encryption


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
jcw345
Contributor
Contributor
Jump to solution

Thanks, LucD

Yup. Full KMS cluster in place, vm encryption has been working great, but recently, not all esx hosts are automatically entering safe mode to receive encrypted vms via vmotion/poweron.

I've opened a ticket with vmware support to investigate.

Reply
0 Kudos
jcw345
Contributor
Contributor
Jump to solution

Found the powercli command: set-vmhost

set-vmhost ESX111 -KmsCluster (vmware.vimautomation.storage\get-kmscluster kmscluster111)
LucD
Leadership
Leadership
Jump to solution

Thanks for sharing that.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos