Standard key provider – independent KMS solutions, external to the vSphere solution, are one way of enabling cryptographic capability in the vSphere environment. Once vCenter is configured with a KMS provider, new and existing virtual machines can be secured using VM Encryption.

Trusted key provider – in vSphere 7 and newer, the key provider can be configured based on the “Trust Authority” if it is present in the environment. The Trust Authority makes access to the encryption keys conditional on the attestation state of a workload cluster. vSphere Trust Authority requires an external key server. While it may be the highest level of effort from a planning and implementation standpoint, this is also one of the most complete configurations when considering the overall root of trust of the vSphere environment.

vSphere Native Key Provider – a new feature in vSphere 7 Update 2 is the ability for vSphere to natively provide the keys for its own security features. This removes the original dependency on an external or independent KMS solution for vSphere to handle key-based security solutions such as enabling host cryptographic functions (Host encryption mode) or meeting the requirements for VM Encryption.

A good and relevant article describing key provider comparisons for deployment considerations can be found in the VMware Security guide.