It's been a while since I was thinking of testing a Key Management Server (KMS) in a lab and do some encryption based scenarios. However, all KMS solutions so far weren't free or difficult to obtain NFR. Today I'd like to spread the good news for Free NFR Keys for KMS from Hytrust for all VMware vExperts.
The KMS server has to be in place in order to leverage encryption for your VMs. Starting with vSphere 6.5, you can take advantage of virtual machine encryption.
Encryption protects not only your virtual machine but also virtual machine disks and other files. You set up a trusted connection between vCenter Server and a key management server (KMS). vCenter Server can then retrieve keys from the KMS as needed.
You need to set up actually a key management server (KMS) cluster. That task includes adding the KMS and establishing trust with the KMS. When you add a cluster, you are prompted to make it the default.
VMware has pretty good documentation about encryption at their documentation, so I won't go much into details right now, as I'm traveling and it's pretty much difficult to do some lab screenshots and tasks. Besides that, we have a detailed article about VMware vSphere Encryption here.
There are also some changes for the default roles for VMware vSphere (this is not new, it's here since vSphere 6.5). VMware has created a new default role “No Cryptography Administrator“.
You’ll find this new role in the Roles, as usually. The new role will have still all the other privileges like a “standard” admin, but less the Encryption rights.
Get Your Free One Year NFR
A fellow friend working at Hytrust, Vic Camacho, has published the news.
Quote from his blog:
We are now offering a free one-year KeyControl license to all current vExperts for use in non-production\lab environments. This is a fully functional license. As long as you’re a current member in the vExpert community you will be provided access.
Now you can enable both vSphere and vSAN native encryption in your labs. Another great value-add here is that we also give you 5 free policy agents as part of that license that you can use to encrypt 5 virtual machines with DataControl. What we’re really doing here is giving you, our valued vExpert community, the option to test against the various encryption use cases you may have in your own environments. I will also be updating the vExpert “freebies” page in short order.
Here is the link to use to register for a free one-year KeyControl License: vExpert KeyControl License.
Check it out.
Source: Vic Camacho
More from ESX Virtualization
- VCP6.5-DCV Study Guide
- VMware Transparent Page Sharing (TPS) Explained
- VMware Virtual Hardware Performance Optimization Tips
- How to Patch VMware vCenter Server Appliance (VCSA) 6.7 Offline
- How To do a Dry Run of an esxcli Installation or Upgrade on VMware ESXi
- VMware DRS Entitlement Viewer – Free Tool