jcw345
Contributor
Contributor

Powercli command to enable host encryption

Jump to solution

Per vmware docs, you can explicitly enable host encryption.

Enable Host Encryption Mode Explicitly

I can't seem to find a way to do that via powercli.

Any hints?

Thanks!

0 Kudos
1 Solution

Accepted Solutions
jcw345
Contributor
Contributor

Found the powercli command: set-vmhost

set-vmhost ESX111 -KmsCluster (vmware.vimautomation.storage\get-kmscluster kmscluster111)

View solution in original post

5 Replies
LucD
Leadership
Leadership

There are currently no cmdlets to do that.
You will have to use the API methods directly, i.e. ConfigureCryptoKey

But do you already have a KMS server in place?

To be done via the RegisterKmipServer method.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
LucD
Leadership
Leadership

I forgot about the VMware.VMEncryption module.

That might help with the KMS part.

Mike did a post on that, see PowerCLI for VM Encryption


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
jcw345
Contributor
Contributor

Thanks, LucD

Yup. Full KMS cluster in place, vm encryption has been working great, but recently, not all esx hosts are automatically entering safe mode to receive encrypted vms via vmotion/poweron.

I've opened a ticket with vmware support to investigate.

0 Kudos
jcw345
Contributor
Contributor

Found the powercli command: set-vmhost

set-vmhost ESX111 -KmsCluster (vmware.vimautomation.storage\get-kmscluster kmscluster111)
LucD
Leadership
Leadership

Thanks for sharing that.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos