10/8/2023

VMware Player TPM 2.0

Key Caching support for 3rd party KMS servers

vSAN offers encryption services to help ensure the integrity of the data stored in an environment. For vSAN data-at-rest encryption, key management can occur using the vSphere Native Key Provider (NKP) or an external KMS.

vSAN 7 U3 introduces full support for using Trusted Platform Modules (TPMs) on the hosts within a vSAN cluster to persist the distributed keys should there be an issue with communication to the key provider. The use of TPMs is fully supported with the vSphere NKP or an external KMS, and is one of the best ways to build a robust method of key distribution and key storage.

Historically, encryption services such as vSAN Data-at-Rest Encryption have relied on an external KMS for key management. vSAN-enabled hosts would retain these keys (Host keys, Disk Encryption Keys (DEK) and Key Encryption Keys (KEK)) in a volatile in-memory vmkernel key cache on each host in the cluster. If the host rebooted at any point, it would need to fetch a key from the external KMS, via a 3rd party KMS solution, or the vSphere Native Key Provider (NKP). In previous versions of vSAN, if access to an external KMS was unavailable (such as in edge topologies that may have limited connectivity to a KMS), the host had no ability to mount the disk groups that stored encrypted data. Caching keys on a TPM in vSAN 7 U2 was limited to the use of the vSphere NKP.