Hi @vmb01
Starting with vSphere 7 Update 2 you can use the vSphere Native Key Provider which is included in all vSphere versions for virtualizing Windows 11.
See the quote from this link (https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-54B9FBA2-FDB1-400...) below:
vSphere Native Key Provider is included in all vSphere editions and does not require an external key server (also called a Key Management Server (KMS) in the industry). You can also use vSphere Native Key Provider for vSphere Virtual Machine Encryption, but you must purchase the VMware vSphere® Enterprise Plus Edition™.
Regards Daniel
In both the essentials kits is included the VTPM feature
Hi @vmb01
Starting with vSphere 7 Update 2 you can use the vSphere Native Key Provider which is included in all vSphere versions for virtualizing Windows 11.
See the quote from this link (https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-54B9FBA2-FDB1-400...) below:
vSphere Native Key Provider is included in all vSphere editions and does not require an external key server (also called a Key Management Server (KMS) in the industry). You can also use vSphere Native Key Provider for vSphere Virtual Machine Encryption, but you must purchase the VMware vSphere® Enterprise Plus Edition™.
Regards Daniel
Dear community
i tried to create a VM with windows 11 and virtual TPM for the first time on our system with vSphere 7.0.3 Build 0395099
License is "vCenter Server 7"
Product is "vCenter Server 7 Standard"
I added a key provider but i still can not add a TPM module to a new virtual machine.
Do i need to configure just that native key provider or do i need to do all the steps from the guide below ?
Configure vSphere Trust Authority ?
Thank you for a short feedback.
these steps are not required. Do you have EFI enable for that virtual machine? Whoch hardware version do you use?
Regards
Daniel
Heads up!
if you configure this new native Key provider
Regards,
Jörg
Thank you for your help.
I created a new Key provider without activated checkbox and when i added i TPM Module i configured these options also.
With these options i was able to create a VM and setup Windows 11.
1. Add a new Trust Platform Module device from "ADD NEW DEVICE" drop-down list,
2. Go to "VM Options" tab, set "Encrypted vMotion" and "Encrypted FT" to "Required" from "Opportunistic" under "Encryption" configuration part.
3. Click "Next", "Finish" to start VM creation.