System Center 2012 R2 Virtual Machine Manager Cookbook - Second Edition

By: Edvaldo Alessandro Cardoso Sobrinho, EDVALDO ALESSANDRO CARDOSO
Configuring Distributed Key Management


Distributed Key Management (DKM) is used to store VMM encryption keys in Active Directory Domain Services (AD DS).

When installing VMM, choose to use DKM on the Configure service account and distributed key management page. This is recommended for security reasons (as it encrypts the information on AD) and required when deploying HA VMM.

Why do we need DKM? By default, VMM encrypts some data in the VMM database (for example, the Run As account's credentials and passwords) using the Windows Data Protection API (DPAPI), and this data is tied to the VMM server and the service account used by VMM. However, with DKM, different machines can securely access the shared data.

Once an HA VMM node fails over to another node, the new node accesses the VMM database and uses the encryption keys stored under a container in AD to decrypt the data in the VMM database.
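Because the keys live under a container in AD, the access control list on that container decides who can read them. The following PowerShell is an added example, not code from the book: it lists every allow entry on the container and its child objects that grants property read or ACL write access to an identity outside an expected list. The container DN, the account names and the allow-list are placeholder assumptions, and the function name is hypothetical; it uses the ActiveDirectory module's `Get-ADObject` and `AD:` drive.

```powershell
# Added example (not from the book): report unexpected access to the DKM container.
# Assumptions: the DN, the account names and the allow-list below are placeholders.
Import-Module ActiveDirectory   # provides Get-ADObject and the AD: drive

$DkmContainerDn = 'CN=VMMDKM,DC=example,DC=com'   # placeholder container DN
$Expected = @(                                    # placeholder allow-list
    'EXAMPLE\svc-vmm',                            # VMM service account
    'EXAMPLE\Domain Admins',
    'NT AUTHORITY\SYSTEM'
)

function Get-DkmUnexpectedAccess {                # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ContainerDn,
        [Parameter(Mandatory)][string[]]$AllowedIdentities
    )
    $read     = [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty
    $writeAcl = [System.DirectoryServices.ActiveDirectoryRights]::WriteDacl

    # The container itself plus everything stored beneath it.
    # -ErrorAction Stop makes a missing or unreadable container a hard failure.
    $objects = Get-ADObject -SearchBase $ContainerDn -SearchScope Subtree `
                            -Filter * -ErrorAction Stop

    foreach ($obj in $objects) {
        $acl = Get-Acl -Path ("AD:\" + $obj.DistinguishedName)
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $id = $ace.IdentityReference.Value
            if ($AllowedIdentities -contains $id) { continue }

            # GenericRead and GenericAll include the ReadProperty bit,
            # so this also catches broad grants.
            $rights = $ace.ActiveDirectoryRights
            if ($rights.HasFlag($read) -or $rights.HasFlag($writeAcl)) {
                [pscustomobject]@{
                    Object    = $obj.DistinguishedName
                    Identity  = $id
                    Rights    = $rights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# An empty result means only allow-listed identities can read or re-ACL the keys.
Get-DkmUnexpectedAccess -ContainerDn $DkmContainerDn -AllowedIdentities $Expected |
    Sort-Object Object, Identity | Format-Table -AutoSize
```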

Getting ready

The following are some considerations for using distributed key management in VMM 2012:

  • When...