TPM technology provides hardware-based, security-related functions. This guide should help you use TPM to secure your virtual machines in vSphere.
TPM is an industry-wide standard for secure cryptoprocessors. TPM chips are found in most of today's computers, from laptops to desktops to servers. TPM 2.0 is supported only in vSphere 6.7 and later versions.
A TPM module is a discrete security device that provides a secure location for storing sensitive information such as encryption keys. A TPM chip has hardcoded cryptographic keys, which makes it very difficult for an attacker to modify or alter them.
To add a vTPM to a virtual machine, your vSphere environment must meet these requirements:
According to VMware, you can add a virtual cryptoprocessor that uses Trusted Platform Module (TPM) technology to an encrypted virtual machine, which enhances the security of the guest operating system.
Here are the steps to add a vTPM to a virtual machine in vSphere Client.
First, you must create a key provider before you can add a vTPM.
1. In vSphere Client, select Add Native Key Provider, then enter a name for the key provider and click Add Key Provider.
2. Click the Back Up button to back up the key provider so that it becomes active.
3. You will be asked if you want to protect the backup with a password. After selecting a password configuration, the key will download in the browser as a .p12 file.
The native key provider is now configured. Next, create an encrypted virtual machine.
1. Navigate to the virtual machine in the vSphere Client inventory, and click New Virtual Machine. On the Select storage page, enable Encrypt this virtual machine.
2. On the Select compatibility screen, select at least ESXi 6.7 and later for a Windows guest OS, or ESXi 7.0 U2 and later for a Linux guest OS, to allow use of the vTPM feature.
3. Select Windows or Linux for use as the guest OS.
4. Now you are ready to add a vTPM to the encrypted VM.
Click Add New Device and select Trusted Platform Module. You can further customize the hardware, for example, by changing disk size or CPU.
5. Review the settings and click Finish.
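The prerequisites in the steps above can be checked across many VMs before anyone opens the wizard. The following pre-flight check is an added example, not VMware's or the article's code. The inventory records, field names and VM names are constructed for illustration, and the `vmx-14` / `vmx-19` values are the virtual hardware versions that correspond to ESXi 6.7 and ESXi 7.0 U2 compatibility.

```python
import re

# Minimum virtual hardware version per guest family. The guide requires
# "ESXi 6.7 and later" compatibility for Windows and "ESXi 7.0 U2 and later"
# for Linux; those compatibility levels correspond to vmx-14 and vmx-19.
MIN_HW = {"windows": 14, "linux": 19}

def hw_version(s):
    """Parse 'vmx-19' into 19; return None if the string is malformed."""
    m = re.fullmatch(r"vmx-(\d+)", s.strip().lower())
    return int(m.group(1)) if m else None

def vtpm_blockers(vm, key_provider_active):
    """Return the reasons a vTPM cannot yet be added to this VM."""
    blockers = []
    if not key_provider_active:
        blockers.append("no active (backed-up) key provider")
    family = vm.get("guest_family", "").lower()
    need = MIN_HW.get(family)
    have = hw_version(vm.get("hardware_version", ""))
    if need is None:
        blockers.append(f"guest family {family!r} not covered by the guide")
    elif have is None:
        blockers.append("unparseable hardware version")
    elif have < need:
        blockers.append(f"hardware vmx-{have} below required vmx-{need}")
    if not vm.get("encrypted", False):
        blockers.append("VM is not encrypted")
    if vm.get("has_vtpm", False):
        blockers.append("vTPM already present")
    return blockers

# Constructed sample inventory (hypothetical VM names and field names).
INVENTORY = [
    {"name": "win-app01", "guest_family": "windows", "hardware_version": "vmx-14", "encrypted": True},
    {"name": "lnx-db01", "guest_family": "linux", "hardware_version": "vmx-17", "encrypted": True},
    {"name": "win-old01", "guest_family": "windows", "hardware_version": "vmx-13", "encrypted": False},
]

def audit(inventory, key_provider_active=True):
    """Map VM name -> blockers; an empty list means ready for a vTPM."""
    return {vm["name"]: vtpm_blockers(vm, key_provider_active) for vm in inventory}

if __name__ == "__main__":
    for name, problems in audit(INVENTORY).items():
        print(name, "READY" if not problems else "; ".join(problems))
```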
The importance of data security needs no further elaboration, especially when you have a lot of virtual machines with critical data. An effective vSphere backup solution protects virtual machine data from human errors, hard drive failures, outages, fire and natural disasters.
An ideal vSphere backup software protects data and keeps business continuity. AOMEI Cyber Backup is a professional and easy-to-use tool that is designed to protect virtual machines from security threats. It offers image-based backup to automate protection of multiple virtual machines while they are running, and it allows you to perform fast disaster recovery, which reduces business downtime and financial loss.
It simplifies the backup process and presents the steps in an intuitive GUI. In addition, it offers you the following benefits.
✦ Agentless Backup: create complete and independent image-level backups for VMware ESXi and Hyper-V VMs.
✦ Support Free ESXi: AOMEI Cyber Backup supports both paid and free versions of VMware ESXi.
✦ Flexible vSphere Backup: batch back up large numbers of VMs managed by vCenter Server, or multiple VMs on a standalone ESXi host.
✦ Multiple Storage Destinations: back up to a local drive, or to network destinations like a Windows share or NAS.
✦ Automated Execution: create backup schedules to automate backups daily, weekly, or monthly.
✦ Email Notification: send an email notification when the task is completed or abnormal.
✦ Role Assignment: allows one administrator to create sub-accounts with limited privileges.
As for VMware vSphere, AOMEI Cyber Backup supports VMware ESXi 6.0 and later versions. Next, I will show you how to perform vSphere VM backup and restore via AOMEI Cyber Backup. A 30-day free trial is available for download.
▶ Backup Multiple Virtual Machines:
1. Bind Devices: Access the AOMEI Cyber Backup web client, navigate to Source Device > VMware > + Add VMware Device to add a vCenter or standalone ESXi host, and then click … > Bind Device.
2. Create Backup Task: Navigate to Backup Task > + Create New Task, and select VMware ESXi Backup as the Backup Type.
3. Set the Task Name, Device, Target, Schedule and Cleanup as needed.
4. Run Backup: Now you can click Start Backup and select Add the schedule and start backup now, or Add the schedule only.
Created backup tasks will be listed and monitored separately for restoring, progress checking and schedule changing.
▶ Restore VM from Backup:
5. Select the backup task you want to restore, and click ... > Restore to open the wizard.
Or you can click Backup Management > History Versions. Specify a VM and select a restore point from the left list.
6. Start Restore: Choose Restore to original location or Restore to new location, and click Start Restore to recover the virtual machine in place.
TPM enhances computer security and privacy and protects data through encryption and decryption, protecting authentication credentials, and proving which software is running on the system. This article shares the procedures to add a vTPM to a vSphere virtual machine.