Search the VMware Knowledge Base (KB)
View by Article ID

Connect a vCenter Server System to a Key Management Server (KMS) (2147566)

  • 0 Ratings
Language Editions


Before you can use vSphere Virtual Machine Encryption to perform encryption operations, you must connect your vCenter Server to a Key Management Server (KMS). The exact steps depend on the process that the vendor supports, and on the vendor options. 
This KB article explains how to connect to a KMS. Because the process differs for different vendors and product versions, this article gives only an overview.


Before your start this process, you have to install the KMS in your environment. Follow the instructions from the KMS vendor.


 Task 1: Create the KMS Cluster

  1. Log in to the vCenter Server with the vSphere Web Client and select the vCenter Server in the inventory list.
  2. Click Configure and click Key Management Servers.
  3. Click Add, specify the following information in the KMS, and click OK.
    KMS cluster
    Select Create new cluster for a new cluster, or select an existing cluster.
    Cluster name
    Name of the KMS cluster that you want to create
    Server alias
    Use this alias to connect to the KMS if your vCenter Server instance becomes unavailable.
    Server address and port
    IP address or FQDN of the KMS, and port on which vCenter Server connects to the KMS. 
    Proxy address and portOptional proxy address and port for connecting to the KMS.
    Username and password
    Some KMS vendors allow users to isolate encryption keys that are used by different users or groups by specifying a user name and password. Specify a user name only if your KMS supports this functionality, and if you intend to use it.
  4.  If you want to use that KMS as the default source of keys, click OK when prompted.
  5. If you are using a vCenter Server Appliance, click Trust in the Trust Certificate dialog box to trust the KMS. 
    If you are using a vCenter Server Windows installation, you establish the trust from vCenter Server to the KMS in a separate step after you set up the KMS to trust vCenter Server. Task 2 explains the process.  

Task 2: Set up the KMS to Trust vCenter Server

Refer to the VMware Compatibility Guide for certified KMS's under Platform and Compute as well as links to partner public facing content for steps to configure a KMS with VMware vSphere.

Task 3: Verify or Finalize the Trust Setup

If you are running a vCenter Server Appliance, refresh the Key Management Server screen to verify that the trust relationship is now established.  The Connection Status for the KMS server shows Normal (green check mark).

If you are running vCenter Server on Windows, you have to finalize the trust setup. See the vSphere 6.5 Documentation Center for details.

To integrate with vendor Key Management Servers, please follow the certified vendor list at VMware Compatibility Guide.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.


  • 0 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)

Please enter the Captcha code before clicking Submit.
  • 0 Ratings