EdSp
Enthusiast

Native Key Provider

When using a real KMS, the guidance would always be to have the KMS appliance VM hosted on a server outside a vSAN cluster that you are encrypting.

Is there confirmation that when using the Native Key Provider, this guidance no longer holds? I.e. I can now use the vSAN cluster’s vCenter to provide the NKP to encrypt that same cluster?

I did cold boot a node (the one with the VCSA) in an NKP-encrypted cluster, which came back up without issue.

Tx,

Ed

Accepted Solutions
depping
Leadership

You are correct, for the NKP this is different, mainly as the NKP is not a KMS, so the dependency is completely different 🙂

EdSp
Enthusiast

For the same reasons, is it correct to expect that it is also supported without issue for a stretched cluster then?
