Key Management Server

The vCenter Server requests keys from an external KMS. The KMS generates and stores the keys, and passes them to vCenter Server for distribution.

You can use the vSphere Client or the vSphere API to add a cluster of KMS instances to the vCenter Server system. If you use multiple KMS instances in a cluster, all instances must be from the same vendor and must replicate keys.

If your environment uses different KMS vendors in different environments, you can add a KMS cluster for each KMS and specify a default KMS cluster. The first cluster that you add becomes the default cluster. You can explicitly change the default later.

As a KMS client, vCenter Server uses the Key Management Interoperability Protocol (KMIP) and makes it easy to use the KMS of your choice.