PowerCLI

 View Only

  • 1.  Powercli command to enable host encryption

    Posted Feb 04, 2020 04:17 PM

    Per vmware docs, you can explicitly enable host encryption.

    Enable Host Encryption Mode Explicitly

    I can't seem to find a way to do that via powercli.

    Any hints?

    Thanks!



  • 2.  RE: Powercli command to enable host encryption

    Posted Feb 04, 2020 04:30 PM

    There are currently no cmdlets to do that.
    You will have to use the API methods directly, i.e. ConfigureCryptoKey

    But do you already have a KMS server in place?

    To be done via the RegisterKmipServer method.



  • 3.  RE: Powercli command to enable host encryption

    Posted Feb 04, 2020 04:37 PM

    Thanks, LucD

    Yup. Full KMS cluster in place, vm encryption has been working great, but recently, not all esx hosts are automatically entering safe mode to receive encrypted vms via vmotion/poweron.

    I've opened a ticket with vmware support to investigate.



  • 4.  RE: Powercli command to enable host encryption

    Posted Feb 04, 2020 04:36 PM

    I forgot about the VMware.VMEncryption module.

    That might help with the KMS part.

    Mike did a post on that, see PowerCLI for VM Encryption



  • 5.  RE: Powercli command to enable host encryption
    Best Answer

    Posted Apr 08, 2020 02:00 PM

    Found the powercli command: set-vmhost

    set-vmhost ESX111 -KmsCluster (vmware.vimautomation.storage\get-kmscluster kmscluster111)


  • 6.  RE: Powercli command to enable host encryption

    Posted Apr 08, 2020 02:05 PM

    Thanks for sharing that.