VMware Cloud Community
bseppanen1
Contributor
Contributor

Encryption Resilience with vCenter and Native Key Provider

We have a small environment with about 150+ virtual machines on a cluster of 6 ESXi hosts running 7.0 update 3h. and managed by a vCenter server 7.0.3.01000.     Unfortunately only one of the ESXi hosts that has recently been purchased has a physical TPM module but that is now part of our spec.   We've activated the vSphere Native Key Provider, and we DID NOT limit that to the ESXi hosts with TPM modules.   Now with deployments of Windows 11 and Windows Server 2022 we're starting to utilize the Secure boot and encryption capabilities of vCenter.    I'm getting a bit concerned that perhaps I need to understand the impact of a Data Center shutdown and its impact on the encryption possibilities during restoration.    Do the ESXi hosts have the capabilities to boot an encrypted VM without the presence of vCenter?    Does the ESXi Key Persistence have any impact on the Native Key Provider Keys?       

Labels (2)
Reply
0 Kudos
0 Replies