It's been a while since I was thinking of testing a Key Management Server (KMS) in a lab and do some encryption based scenarios. However, all KMS solutions so far weren't free or difficult to obtain NFR. Today I'd like to spread the good news for Free NFR Keys for KMS from Hytrust for all VMware vExperts.
The KMS server has to be in place in order to leverage encryption for your VMs. Starting with vSphere 6.5, you can take advantage of virtual machine encryption.
Encryption protects not only your virtual machine but also virtual machine disks and other files. You set up a trusted connection between vCenter Server and a key management server (KMS). vCenter Server can then retrieve keys from the KMS as needed.
You need to set up actually a key management server (KMS) cluster. That task includes adding the KMS and establishing trust with the KMS. When you add a cluster, you are prompted to make it the default.
VMware has pretty good documentation about encryption at their documentation, so I won't go much into details right now, as I'm traveling and it's pretty much difficult to do some lab screenshots and tasks. Besides that, we have a detailed article about VMware vSphere Encryption here.
There are also some changes for the default roles for VMware vSphere (this is not new, it's here since vSphere 6.5). VMware has created a new default role “No Cryptography Administrator“.
You’ll find this new role in the Roles, as usually. The new role will have still all the other privileges like a “standard” admin, but less the Encryption rights.
Get Your Free One Year NFR
A fellow friend working at Hytrust, Vic Camacho, has published the news.
Quote from his blog:
We are now offering a free one-year KeyControl license to all current vExperts for use in non-production\lab environments. This is a fully functional license. As long as you’re a current member in the vExpert community you will be provided access.
Now you can enable both vSphere and vSAN native encryption in your labs. Another great value-add here is that we also give you 5 free policy agents as part of that license that you can use to encrypt 5 virtual machines with DataControl. What we’re really doing here is giving you, our valued vExpert community, the option to test against the various encryption use cases you may have in your own environments. I will also be updating the vExpert “freebies” page in short order.
Here is the link to use to register for a free one-year KeyControl License: vExpert KeyControl License.
Check it out.
Source: Vic Camacho
More from ESX Virtualization
- VCP6.5-DCV Study Guide
- VMware Transparent Page Sharing (TPS) Explained
- VMware Virtual Hardware Performance Optimization Tips
- How to Patch VMware vCenter Server Appliance (VCSA) 6.7 Offline
- How To do a Dry Run of an esxcli Installation or Upgrade on VMware ESXi
- VMware DRS Entitlement Viewer – Free Tool
Stay tuned through RSS, and social media channels (Twitter, FB, YouTube)
How ridiculous. So I’m not a vExpert and have a massive lab at home but because of that I can’t get an NFR key. Emailing them has been a waste of time.
Why don’t they just offer an NFR key to just about anyone like Veeam does so we can all give encryption a try in our home lab? Making it available to only vExperts makes this offer extremely limited and of no value for more home labbers.
Hi, perhaps you get in touch with Vic directly? His blog is the source. Tell him you’re coming from my part perhaps? Let us know if it works -:)
I did, and as expected, no reply.
I just happen to come across this. I’m going to assume that the B in BW stands for Bob. If so, I’ve just responded on my own blog. Sorry I didn’t respond earlier. I was laid out sick over the weekend and Monday and didn’t log into anything. Not work, Twitter, Facebook, or any other social media. I had to disconnect to take care of me. Let me know what I can provide will suffice for your lab. BTW, you can also contact me directly on Twitter @Virtual_Vic. Let me know.
Thanks but a 60 day trial just isn’t long enough. I often go away for weeks at a time for projects so thats why I am interested in the 1yr NFR license.
I just can’t understand why you don’t make the NFR license available to everyone that uses it in a lab/non-production environment? Why limit it to vExperts only?
Veeam make their 1yr NFR license so easy to obtain (and renew), why can’t HyTrust?