VMware vSphere

  • 1.  vtpm and ESS +

    Posted Apr 08, 2022 10:43 AM
    1. IHAC trying to install W11 as guest
    2. As we know, W11 needs TPM (OK, there are tons of sites about a registry hack to avoid this check, but it is unsupported by MS)
    3. We can supply vTPM to a guest... easy.
    4. vTPM needs vSphere Encryption (see documentation: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-6F811A7A-D58B-47B4-84B4-73391D55C268.html)
    5. VM encryption is only available in ENT+
    6. So does it mean that only customers with ENT+ will be able to virtualize W11?

     



  • 2.  RE: vtpm and ESS +

    Posted Apr 11, 2022 02:18 PM

    The vTPM feature is included in both Essentials kits.



  • 3.  RE: vtpm and ESS +
    Best Answer

    Posted Apr 13, 2022 07:20 AM

    Hi  

    Starting with vSphere 7 Update 2 you can use the vSphere Native Key Provider which is included in all vSphere versions for virtualizing Windows 11.

    See the quote from this link (https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-54B9FBA2-FDB1-400B-A6AE-81BF3AC9DF97.html) below:

    vSphere Native Key Provider is included in all vSphere editions and does not require an external key server (also called a Key Management Server (KMS) in the industry). You can also use vSphere Native Key Provider for vSphere Virtual Machine Encryption, but you must purchase the VMware vSphere® Enterprise Plus Edition™.

    Regards Daniel



  • 4.  RE: vtpm and ESS +

    Posted Mar 17, 2023 05:12 PM

    Dear community

    I tried to create a VM with Windows 11 and virtual TPM for the first time on our system with vSphere 7.0.3 Build 0395099

    License is "vCenter Server 7"
    Product is "vCenter Server 7 Standard"

    I added a key provider but I still cannot add a TPM module to a new virtual machine.

    Do I need to configure just that native key provider, or do I need to do all the steps from the guide below?

    Configure vSphere Trust Authority?

    https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-39D8AB34-AD45-4B0A-8FB0-7A1D16B25C9A.html

     

    Thank you for a short feedback.



  • 5.  RE: vtpm and ESS +

    Posted Mar 17, 2023 05:54 PM

    Hi  

    These steps are not required. Do you have EFI enabled for that virtual machine? Which hardware version do you use?

    Regards

    Daniel



  • 6.  RE: vtpm and ESS +

    Posted Mar 17, 2023 07:18 PM

    Heads up!

    If you configure this new Native Key Provider:

    1. Don't click the checkbox in the lower left during configuration if you have older CPUs in your hosts
    2. You need to back up the provider before you can use it

    Regards,
    Jörg



  • 7.  RE: vtpm and ESS +

    Posted Mar 20, 2023 09:18 AM

    Thank you for your help.

    I created a new key provider without the checkbox activated, and when I added a TPM module I also configured these options.
    With these options I was able to create a VM and set up Windows 11.

    1. Add a new Trusted Platform Module device from the "ADD NEW DEVICE" drop-down list,
    2. Go to "VM Options" tab, set "Encrypted vMotion" and "Encrypted FT" to "Required" from "Opportunistic" under "Encryption" configuration part.
    3. Click "Next", "Finish" to start VM creation.