I’m back in the lab this week, looking at some of the newer features around vSAN. As part of this, I needed vSAN Encryption enabled, so I downloaded the latest HyTrust KeyControl appliance as this has an easy to use KMIP Server. This new version is 4.2.1, and it has a few new steps compared to the previous versions I used, which were a little confusing to begin with. First I deployed the OVA, supplied the password, logged into the web interface, and enabled KMIP as before. However, that is where things are now a little different to before.
Many regular readers will be aware of new encryption features added recently to VMware’s portfolio, such as vSAN data-at-reset encryption and vSphere VM encryption in vSphere 6.5. I had to return to a configuration task that I hadn’t done in a while, which was the deployment of a new Key Management Server (KMS) on my vSphere 6.5 / vSAN 6.6.1 setup. I had done this a few times before, but it has been a while and I’d forgotten what exactly I’d needed to do, so I decided to document the steps in this post for future reference. Those of you…