VMware vSphere

 View Only

 vCenter v7 to v8 upgrade when NKP in use for VSAN Data at Rest encryption

terrible_towel's profile image
terrible_towel posted Jul 15, 2025 08:12 AM

I have a vSphere 7 VSAN cluster. It is using VSAN Data-at-rest encryption with the vCenter internal KMS (NKP). I am getting ready to upgrade that vCenter to v8. Is there anything I have to do with the KMS server to get the keys onto the new vCenter?

I’ve found some suggestions to backup the NKP  (vCenter > Configure > Key Providers) and have it ready for after the upgrade is complete.   But I can not find that documented anywhere.

Can anyone with experience upgrading a vCenter with an active NKP in use for VSAN DAR tell me your experience?   Did the KMS move with the vCenter upgrade workflow, or did you have to restore the KMS into the new vCenter once it is deployed?

Thanks !

terrible_towel's profile image
terrible_towel posted Jul 16, 2025 09:31 AM

Hello.   Just as follow up to this.   The v7 to v8 vCenter upgrade worked fine, and it migrated the NKP without issue.  I had a backup of the NKP just in case.   I have still not located a single piece of documentation that talks about upgrading the vCenter while NKP is in use though.