Configure vSphere Trust Authority Components

You can use the Services interface from the com.vmware.vcenter.trusted_infrastructure.kms and com.vmware.vcenter.trusted_infrastructure.attestation packages to perform Key Provider Service and Attestation Service management operations.
  • Verify that you have access to a working vSphere Trust Authority environment.
  • Verify that you have Trusted Infrastructure administrative privileges.
You can register, list, remove, and retrieve details about Key Provider Service and Attestation Service instances.
  1. Register a Key Provider Service instance in a Workload vCenter Server by calling the create(ServicesTypes.CreateSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.kms package.
    The Key Provider Service instance is propagated to all Workload ESXi hosts that the Workload vCenter Server manages.
  2. Register an Attestation Service instance in a Workload vCenter Server by calling the create(ServicesTypes.CreateSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.attestation package.
    The Attestation Service instance is propagated to all Workload ESXi hosts that the Workload vCenter Server manages.
  3. List the Key Provider Service instances registered in a Workload vCenter Server, using filters, by calling the list(ServicesTypes.FilterSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.kms package.
  4. List the Attestation Service instances registered in a Workload vCenter Server, using filters, by calling the list(ServicesTypes.FilterSpec spec) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.attestation package.
  5. Remove a registered Key Provider Service instance by calling the delete(java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.kms package.
    The Workload ESXi hosts can no longer retrieve keys by using that Key Provider Service instance.
  6. Remove a registered Attestation Service instance by calling the delete(java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.attestation package.
    The Workload ESXi hosts can no longer attest that their configuration is secure by using that Attestation Service instance.
  7. Retrieve detailed information, including the certificates, for a registered Key Provider Service instance by calling the get(java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.kms package.
  8. Retrieve detailed information, including the certificates, for a registered Attestation Service instance by calling the get(java.lang.String service) method of the Services interface from the com.vmware.vcenter.trusted_infrastructure.attestation package.
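
The following added example (not code from the original page or from VMware) combines steps 3 and 7 into an audit of the registered Key Provider Service instances: it lists them, retrieves each one's certificates, and reports any instance whose hostname or CA certificate fingerprint is not in an expected inventory. It assumes an already authenticated Services stub and a constructed pinned map; the getter names getService, getAddress, getHostname, getTrustedCA and getCertChain are assumptions about the SDK data structures and should be checked against the SDK Javadoc.

```java
import com.vmware.vcenter.trusted_infrastructure.kms.Services;
import com.vmware.vcenter.trusted_infrastructure.kms.ServicesTypes;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

public final class KeyProviderServiceAudit {

    /**
     * Returns the IDs of registered Key Provider Service instances that do not
     * match the expected inventory.
     *
     * @param kmsServices authenticated stub for the Workload vCenter Server (assumed)
     * @param pinned      hostname -> allowed SHA-256 fingerprints (lowercase hex of the
     *                    DER encoding) of that service's CA certificates (constructed)
     */
    public static List<String> findUnexpected(Services kmsServices,
            Map<String, Set<String>> pinned) throws Exception {
        CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        List<String> unexpected = new ArrayList<>();

        // Step 3: an empty FilterSpec is assumed to apply no filter.
        for (ServicesTypes.Summary s : kmsServices.list(new ServicesTypes.FilterSpec())) {
            String id = s.getService();                               // assumed getter
            ServicesTypes.Info info = kmsServices.get(id);            // step 7
            Set<String> allowed = pinned.get(info.getAddress().getHostname());
            List<String> chain = info.getTrustedCA().getCertChain();  // assumed: PEM strings

            // Unknown hostname or an empty chain is treated as a mismatch.
            boolean ok = allowed != null && !chain.isEmpty();
            if (ok) {
                for (String pem : chain) {
                    X509Certificate cert = (X509Certificate) x509.generateCertificate(
                            new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
                    String fp = String.format("%064x",
                            new BigInteger(1, sha256.digest(cert.getEncoded())));
                    ok &= allowed.contains(fp);   // every certificate must be pinned
                }
            }
            if (!ok) unexpected.add(id);
        }
        return unexpected;
    }
}
```

The same check applies to Attestation Service instances by using the Services interface from the attestation package. An instance reported here can be reviewed and, if it should not be registered, removed with the delete(java.lang.String service) method from step 5.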