I had three people asking this question the past few weeks, they were trying to configure the vSphere Native Key Provider so that they could enable vSAN Encryption, but the backup function wasn’t working. If you have not seen the Native Key Provider in action yet, just watch the video below.
As demonstrated in the video, when you configure the vSphere Native Key provider, you need to back up the key first before you can use it. Now, as mentioned, I had a few folks asking the past weeks why they couldn’t back up the key. The reason for it is simple, when you configure the Native Key Provider and want to back it up, you need to access the vSphere UI via the fully qualified domain name. In other words, when you access the H5 UI via the IP address of the vCenter Server, then the backup function won’t work. Also, when you have multiple vCenter Server instances in Linked Mode, you need to make sure you access the correct vCenter Server, the vCenter Server instance on which the Native Key Provider is enabled. Isn’t all of this documented? Yes, it is! But who reads documentation these days right?
Leave a Reply