#VCP

Traditional KMS servers offer more functionality than the vSphere Native Key Provider (NKP). They usually provide certifications and compliance guarantees for widely adopted security standards.

## vSphere Native key provider (NKP)

NKP is vSphere's own key provider, which can only be used for encryption/decryption tasks inside a vSphere environment.

Features:

- vSAN encryption
  - data-at-rest
  - data-in-rest
- vSphere VM encryption
- Secure boot of ESXi servers

### Setup NKP

NKP is configured inside the vSphere client: Configure > Key Management Servers > Add Native Key Provider.

To complete the setup you need to back up your NKP; the backup exports a p12 file for you to store.

Each ESXi host that needs access to the KMS must have TPM 2.0 activated, using SHA256 and the TIS/FIFO interface, not the CRB interface.

The NKP is also backed up automatically when a file-based backup is created; consider protecting this backup as well.

## 🔗Resources