Agenda
How to Install Windows 11 Guest OS on VMware vSphere 8 with a Virtual TPM?
How to enable the vSphere native Key Provider or Standard/3rd Party Key Provider?
How to Create a new VM with an encrypted hard disk?
How to enable vTPM for a VMware ESXi VM?
Thank you
#vmware #hpe #microsoft #win11 #windows11 #tpm #vitual #esx #vc #key #provider #encryption #howto
This is a life saver vid. Amazing and very simple steps and very clear explanation. Thank you so much.
Glad it helped!
Thank you for sharing this video, very well explained in detail. Thank you
Glad it was helpful! Thank you
Thanks for this video, it helped me install Win 11 today.
Most welcome
Thank you for the video, it is very easy to understand!
Most welcome.
Thank you for your well-explained video! Quick question: is it possible to apply this on a host which is not added to a vCenter? Because this is a very good fix for hosts which are in a vCenter, but what if the host is not part of a vCenter?
Absolutely, it's possible to apply Virtual TPM (vTPM) on an ESXi host even if it's not added to a vCenter.
While the process may differ slightly from when the host is part of a vCenter environment, you can still configure vTPM directly on the ESXi host itself.
You'll need to access the ESXi host directly using the vSphere Client or the ESXi Embedded Host Client.
From there, you can navigate to the virtual machine settings and enable vTPM for the desired virtual machines.
Keep in mind that vTPM requires specific hardware compatibility and virtual machine configurations, so it's essential to review the compatibility requirements and ensure your environment meets them before proceeding.
Thank you
Hi Gnan, how to add a vTPM to an existing virtual machine?
Hi Grish,
Yes, we can add a Virtual Trusted Platform Module (vTPM) to an existing virtual machine to provide enhanced security to the guest operating system.
You must create a key provider before you can add a vTPM.
The VMware virtual TPM is compatible with TPM 2.0, and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.
Prerequisites:
Ensure that your vSphere environment is configured for a key provider. See the following for more information:
Configuring vSphere Trust Authority
Configuring and Managing a Standard Key Provider
Configuring and Managing vSphere Native Key Provider
The guest OS you use can be Windows Server 2008 and later, Windows 7 and later, or Linux.
Verify that the virtual machine is turned off.
The ESXi hosts running in your environment must be ESXi 6.7 and later (Windows guest OS), or 7.0 Update 2 and later (Linux guest OS).
The virtual machine must use EFI firmware.
Verify that you have the required privileges:
Cryptographic operations.Clone
Cryptographic operations.Encrypt
Cryptographic operations.Encrypt new
Cryptographic operations.Migrate
Cryptographic operations.Register VM
Virtual machine.Change Configuration.Add or remove device
Procedure:
Connect to vCenter Server by using the vSphere Client.
Right-click the virtual machine in the inventory that you want to modify and select Edit Settings.
In the Edit Settings dialog box, click Add New Device and select Trusted Platform Module.
Click OK.
The Virtual Machine Details pane reflects that encryption has been applied to the virtual machine.
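The prerequisites and procedure from the reply above, scripted as a preflight check followed by the device add. This is an added example, not part of the original thread or the video; it assumes VMware PowerCLI 13.0 or later (for the Get-VTpm and New-VTpm cmdlets), an existing Connect-VIServer session to vCenter Server, and a placeholder VM name.

```powershell
# Added example. Assumptions: PowerCLI 13.0+, an active Connect-VIServer session,
# and 'win11-vm01' as a placeholder VM name.
$vmName   = 'win11-vm01'
$vm       = Get-VM -Name $vmName -ErrorAction Stop
$problems = @()

# Prerequisite: the virtual machine must be turned off.
if ($vm.PowerState -ne 'PoweredOff') {
    $problems += "VM is $($vm.PowerState); power it off before adding a vTPM."
}

# Prerequisite: the virtual machine must use EFI firmware.
$firmware = $vm.ExtensionData.Config.Firmware
if ($firmware -ne 'efi') {
    $problems += "Firmware is '$firmware'; a vTPM requires EFI."
}

# Prerequisite: ESXi 6.7 or later for a Windows guest. The Linux requirement
# (7.0 Update 2) includes an update level that Version does not carry, so only
# the 6.7 floor is checked here.
if ([version]$vm.VMHost.Version -lt [version]'6.7') {
    $problems += "Host $($vm.VMHost.Name) runs ESXi $($vm.VMHost.Version); 6.7 or later is required."
}

# Nothing to do if the VM already has a vTPM.
if (Get-VTpm -VM $vm) {
    $problems += 'VM already has a vTPM device.'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Preflight failed for $vmName; no changes made."
}

# Equivalent of Edit Settings > Add New Device > Trusted Platform Module.
# The key provider is not checked above; this call fails if none is configured.
New-VTpm -VM $vm | Out-Null

# Confirm the result: the device exists and the VM now has an encryption key ID.
$vm = Get-VM -Name $vmName
[pscustomobject]@{
    VM          = $vm.Name
    VTpmPresent = [bool](Get-VTpm -VM $vm)
    Encrypted   = $null -ne $vm.ExtensionData.Config.KeyId
}
```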
@gnancloudgarage thx so much
What ESXi license do you use?
Hi Chris,
Currently, I am using the VMware vSphere Evaluation License, which allows us to use the full version of ESXi and vCenter Server for 60 days.
Thanks
@gnancloudgarage ok thx.
Is it necessary to have phy TPM installed on my hw?
It's important to note that not all hardware platforms have built-in TPMs.
In such cases, you may consider alternative solutions like software-based TPM emulators or external TPM modules.
These solutions may provide similar functionalities, but they may have different security characteristics or limitations.
For me, only create a new native key and uncheck the ESXi host checkbox, thanks!
Thank you
This option does not show in the Virtualization 101 hotlab. Where is the practice lab?
Hi Bharath,
Thank you for your interest.
Log in to the VMware Hands-on Lab website hol.vmware.com/
Search with the keyword "VMware vSphere - Security Getting Started" (or) "TPM" to find the relevant lab to practice.
All the Best!