From vSAN 7 Update 2, for vSAN, we can use TPM on M/B as Key manager. It makes more simple configuration for encryption enabled environment.
And my question is, if a host motherboard will be replaced with TPM chip, what steps are needed to activate new TPM on Encryption enabled environment? (For example, vSAN Data-at-rest-encryption using the vSphere native Key Provider)
I confirmed the backup and restore process for the vSphere native key provider, are these steps enough for the TPM chip replacement?
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-E0EB371A-F6E4-463...
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-83683C14-3FF2-4A7...
Yamato Sakai
Technical Training Instructor | Dell Technologies Education
VCP-DCV 5,6.x, 2020, 2021
VCIX-DCV
VCIX-NV
vSAN HCI Master Specialist