HOW TO: Add and Create a vSphere Native Key Provider in VMware vSphere vCenter Server 8.0

Experience Level: Beginner
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
EE Fellow, MVE, Expert of the Year 2021,2017-11, Scribe 2016-2012, Author of the Year 2018-6,2013-2012 VMware vExpert Pro, vExpert 2022-2011
In this video, I will show you HOW TO: Add and Create a vSphere Native Key Provider in VMware vSphere vCenter Server 8.0. I will also demonstrate what happens if you have no TPM device available for Windows 11.

The vSphere Native Key Provider was introduced in VMware vSphere 7.0 U2 and is available in later releases. It is a function of VMware vSphere vCenter Server, so you must deploy VMware vSphere vCenter Server to use this functionality. You must also have a vSphere cluster.

HOW TO: Deploy and Install VMware vSphere vCenter Server 8.0 (VCSA 8.0)

HOW TO: Create a VMware vSphere Cluster in VMware vSphere vCenter Server 8.0

The vSphere Native Key Provider allows you to encrypt virtual machines, enable vTPM in virtual machines, or enable data-at-rest encryption on vSAN, without the need for an external KMS (Key Management Server). You can export the vSphere Native Key Provider key and import it again on another cluster.

The vSphere Native Key Provider only provides key management to objects within the inventory of vCenter Server; it cannot be used externally. If you require external functionality beyond vCenter Server, you will need to use an external third-party KMS. These are listed on the Hardware Compatibility List.

Microsoft Windows 11 requires a TPM (Trusted Platform Module). We can add a vTPM device to a virtual machine to support Windows 11.

How to Bypass Windows 11's TPM, CPU and RAM Requirements

Video Steps

1. Connect to the VMware vSphere vCenter Server 8.0 using the Web Client.

Using a web browser, connect to the vCenter Server.

2. Select the vCenter Server at the top.

Select vCenter Server.

3. Select Configure.

Select the Configure tab.

4. Specify Key Providers

Select the Key Providers.

5. Add.

Click Add Native Key provider.

6. Name the key provider

Enter a name for the key provider.

7. Select Key Provider.

Click Backup.

8. Store backup safely.

Store the backup in a safe place.


Andrew again a great article!!

This is a wonderful article. I have a question regarding it. If we do not add TPC to existing VMs that are already running, what would happen to those VMs if we cannot bring up the vCenter in case something goes wrong with it? We have the backup, but you mentioned VAMI backup.
Thanks for your kind words, more videos coming!

Answer in question