After you have imported the vSphere Trust Authority Cluster information to the Trusted Cluster, the Trusted Hosts start the attestation process with the Trust Authority Cluster.
Prerequisites
- Enable the Trust Authority Administrator.
- Enable the Trust Authority State.
- Collect Information About ESXi Hosts and vCenter Server to Be Trusted.
- Import the Trusted Host Information to the Trust Authority Cluster.
- Create the Key Provider on the Trust Authority Cluster.
- Export the Trust Authority Cluster Information.
Procedure
Results
The ESXi Trusted Hosts in the Trusted Cluster begin the attestation process with the Trust Authority Cluster.
Example: Import the Trust Authority Cluster Information to the Trusted Hosts
This example shows how to import the Trust Authority Cluster service information to the Trusted Cluster. The following table shows the example components and values that are used.
Component | Value |
---|---|
vCenter Server of the Trusted Cluster | 192.168.110.22 |
Trust Authority administrator | trustedadmin@vsphere.local |
Trusted Cluster name | Trusted Cluster |
ESXi hosts in the Trust Authority Cluster | 192.168.210.51 and 192.168.210.52 |
Variable $TC |
Get-TrustedCluster -Name 'Trusted Cluster' |
PS C:\Users\Administrator.CORP> Disconnect-VIServer -server * -Confirm:$false PS C:\Users\Administrator.CORP> Connect-VIServer -server 192.168.110.22 -User trustedadmin@vsphere.local -Password 'VMware1!' Name Port User ---- ---- ---- 192.168.110.22 443 VSPHERE.LOCAL\trustedadmin PS C:\Users\Administrator.CORP> Get-TrustedCluster Name State Id ---- ----- -- Trusted Cluster Disabled TrustedCluster-domain-c8 PS C:\Users\Administrator.CORP> $TC = Get-TrustedCluster -Name 'Trusted Cluster' PS C:\Users\Administrator.CORP> $TC Name State Id ---- ----- -- Trusted Cluster Disabled TrustedCluster-domain-c8 PS C:\Users\Administrator.CORP> Import-TrustAuthorityServicesInfo -FilePath C:\vta\clsettings.json Confirmation Importing the TrustAuthorityServicesInfo into Server '192.168.110.22'. Do you want to proceed? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y ServiceAddress ServicePort ServiceGroup -------------- ----------- ------------ 192.168.210.51 443 host-13:86f7ab6c-ad6f-4606-... 192.168.210.52 443 host-16:86f7ab6c-ad6f-4606-... 192.168.210.51 443 host-13:86f7ab6c-ad6f-4606-... 192.168.210.52 443 host-16:86f7ab6c-ad6f-4606-... PS C:\Users\Administrator.CORP> Set-TrustedCluster -TrustedCluster $TC -State Enabled Confirmation Setting TrustedCluster 'Trusted Cluster' with new TrustedState 'Enabled'. Do you want to proceed? [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Name State Id ---- ----- -- Trusted Cluster Enabled TrustedCluster-domain-c8 PS C:\Users\Administrator.CORP> $TC = Get-TrustedCluster -Name 'Trusted Cluster' PS C:\Users\Administrator.CORP> $tc.AttestationServiceInfo ServiceAddress ServicePort ServiceGroup -------------- ----------- ------------ 192.168.210.51 443 host-13:dc825986-73d2-463c-... 192.168.210.52 443 host-16:dc825986-73d2-463c-... PS C:\Users\Administrator.CORP> $tc.KeyProviderServiceInfo ServiceAddress ServicePort ServiceGroup -------------- ----------- ------------ 192.168.210.51 443 host-13:dc825986-73d2-463c-... 192.168.210.52 443 host-16:dc825986-73d2-463c-...
What to do next
Continue with Configure the Trusted Key Provider for Trusted Hosts Using the vSphere Client or Configure the Trusted Key Provider for Trusted Hosts Using the Command Line.