VMware Cloud Community
VM_Yamato
Hot Shot

Motherboard with TPM replace on "vSphere Native Key Provider"

Starting with vSAN 7 Update 2, we can use the TPM on the M/B as a key manager for vSAN. It makes configuration simpler for encryption-enabled environments.

My question is: if a host motherboard is replaced along with its TPM chip, what steps are needed to activate the new TPM in an encryption-enabled environment? (For example, vSAN data-at-rest encryption using the vSphere Native Key Provider.)

I confirmed the backup and restore process for the vSphere Native Key Provider. Are these steps enough for the TPM chip replacement?

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-E0EB371A-F6E4-463...

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-83683C14-3FF2-4A7...

 

Yamato Sakai
Technical Training Instructor | Dell Technologies Education
VCP-DCV 5,6.x, 2020, 2021
VCIX-DCV
VCIX-NV
vSAN HCI Master Specialist
IRIX201110141
Champion

To my understanding, there is no relationship between the native key provider/vTPM feature and a physical TPM within the server.

Regards,
Joerg
