This is one of my favorite features in vSphere 7 Update 2. VMware now provides a new native key provider for encryption, allowing us to use vSAN encryption, VM encryption and vTPM natively without having to deploy an external key provider. In the past this capability could only be provided by a third-party solution such as HyTrust KeyControl. In this post I will explain how easy it is to configure and deploy this awesome new feature.
Go to [Configure > Key Providers] to add the local key provider.
Select [ADD > Add Native Key Provider].
Provide a Name and press [ADD KEY PROVIDER].
Back up the master keys: save the Native Key Provider backup in a secure location. Optionally protect the key file with a strong password.
Verify that the ESXi host's Host Encryption Mode is [Enabled].
Test the configuration by encrypting an existing VM: change its default “VM Storage Policy” to [VM Encryption Policy].
Now the VM is encrypted with the Native Key Provider. Really awesome feature.
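The same checks and the encryption step, done from PowerCLI so they can be repeated across a whole environment. This is an added example, not code from the original post or from VMware; it assumes an existing Connect-VIServer session, and the provider name 'NKP-01' and VM name 'TestVM' are placeholders.

```powershell
# Added example (not from the original post). Assumes Connect-VIServer has
# already been run; 'NKP-01' and 'TestVM' are placeholders for your values.
$providerName = 'NKP-01'

# 1. Host Encryption Mode: Runtime.CryptoState reports 'safe' once the host is
#    able to run encrypted VMs and vTPM devices; anything else needs attention.
$hostState = Get-VMHost | Select-Object Name,
    @{ N = 'CryptoState'; E = { $_.ExtensionData.Runtime.CryptoState } }
$hostState | Format-Table -AutoSize
$notReady = $hostState | Where-Object { $_.CryptoState -ne 'safe' }
if ($notReady) {
    Write-Warning "Hosts not in 'safe' state: $($notReady.Name -join ', ')"
}

# 2. Inventory of encrypted VMs and the key provider each one is tied to.
#    Config.KeyId is only set on encrypted VMs; ProviderId.Id is the key
#    provider name, so a VM still bound to an old external KMS shows up here.
$encrypted = Get-VM | Where-Object { $_.ExtensionData.Config.KeyId } |
    Select-Object Name,
        @{ N = 'KeyProvider'; E = { $_.ExtensionData.Config.KeyId.ProviderId.Id } },
        @{ N = 'KeyId';       E = { $_.ExtensionData.Config.KeyId.KeyId } }
$encrypted | Format-Table -AutoSize
$encrypted | Where-Object { $_.KeyProvider -ne $providerName } | ForEach-Object {
    Write-Warning "$($_.Name) is encrypted by '$($_.KeyProvider)', not '$providerName'"
}

# 3. Encrypt a powered-off test VM by applying the built-in
#    'VM Encryption Policy' to the VM home and all of its disks
#    (the same storage-policy change the post makes in the UI).
$vm = Get-VM -Name 'TestVM'
if ($vm.PowerState -ne 'PoweredOff') { throw "Power off $($vm.Name) first" }
$policy = Get-SpbmStoragePolicy -Name 'VM Encryption Policy'
$cfg = @(Get-SpbmEntityConfiguration -VM $vm) +
       @(Get-SpbmEntityConfiguration -HardDisk (Get-HardDisk -VM $vm))
Set-SpbmEntityConfiguration -Configuration $cfg -StoragePolicy $policy | Out-Null

# Re-read the VM so the new KeyId (and its provider) is visible.
(Get-VM -Name 'TestVM').ExtensionData.Config.KeyId
```

Step 2 is the part worth keeping as a recurring check: it tells you at a glance which VMs are protected by the Native Key Provider and which are still depending on an external KMS.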