Hosting a KMS on the encrypted VxRail cluster, with Key Persistence

In my previous post (VxRail cluster encryption with the vSphere Native Key Provider) I spoke about how to encrypt your VxRail cluster with the vSphere Native Key Provider that was introduced in vSphere 7.0 U2.

It is a great feature and the post shows how easy it is to set it up and use it to encrypt your cluster. However… what if you do need more functionality, that only a Key Management Server (KMS) can offer? Oh, and I don’t want to spend more cost on an extra host (outside my cluster) to host the KMS appliance? I can’t put it on the actual cluster itself, that it is providing the encryption keys for! Or can I …?

Continue reading →

June 25, 2021 0

VxRail cluster encryption with the vSphere Native Key Provider

VMware has recently introduced the vSphere Native Key Provider (NKP). This is a way to enable data-at-rest protections straight from vSphere itself.

Before we talk about the NKP, let’s first go back one step…

Continue reading →

May 28, 2021 5

VxRail – Secure Boot and attestation

Security is a key focus these days. For the security conscious customers, you can even configure your VxRail nodes so that upon booting up, they will verify the components that are involved in the boot process, to ensure that they are not tampered with. This post explains the Secure Boot process and how this is handled by VxRail.

Continue reading →

April 21, 2021 4

My First Blog Post

So I finally took the jump and created a blog (thanks Steve)… Plan is to document some occasional tech stuff here, which hopefully is helpful to more people than just myself.

I’m just getting this blog going, so stay tuned for more. Subscribe below to get notified when I post new updates.

August 8, 2019 1

Blog at WordPress.com.

Up ↑

Design a site like this with WordPress.com

Get started