VMware vSphere


Encryption Resilience with vCenter and Native Key Provider

  • 1.  Encryption Resilience with vCenter and Native Key Provider

    Posted Nov 22, 2022 01:38 PM

    We have a small environment with about 150+ virtual machines on a cluster of 6 ESXi hosts running 7.0 Update 3h, managed by a vCenter Server 7.0.3.01000. Unfortunately only one of the ESXi hosts, which was recently purchased, has a physical TPM module, but that is now part of our spec. We've activated the vSphere Native Key Provider, and we DID NOT limit that to the ESXi hosts with TPM modules. Now with deployments of Windows 11 and Windows Server 2022 we're starting to utilize the Secure Boot and encryption capabilities of vCenter. I'm getting a bit concerned that perhaps I need to understand the impact of a data center shutdown on the encryption possibilities during restoration. Do the ESXi hosts have the capability to boot an encrypted VM without the presence of vCenter? Does the ESXi Key Persistence have any impact on the Native Key Provider keys?