|
| 1 | +--- |
| 2 | +title: Configure Virtual Machines - Virtual Trusted Platform Module (vTPM) |
| 3 | +description: Learn how to configure Virtual Machines - Virtual Trusted Platform Module (vTPM). |
| 4 | +ms.topic: how-to |
| 5 | +ms.service: azure-vmware |
| 6 | +ms.date: 11/22/2024 |
| 7 | +ms.custom: engagement-fy25 |
| 8 | +--- |
| 9 | + |
| 10 | +# Configure Virtual Trusted Platform Module (vTPM) on Virtual Machines with Azure VMware Solution |
| 11 | + |
| 12 | +This article demonstrates how to enable the virtual Trusted Platform Module (vTPM) in a VMware vSphere virtual machine (VM) running in the Azure VMware Solution. |
| 13 | + |
| 14 | +A virtual Trusted Platform Module (vTPM) in VMware vSphere is a virtual counterpart of a physical TPM 2.0 chip, utilizing VM Encryption. It provides the same functionalities as a physical TPM but operates within VMs. Each VM can have its own unique and isolated vTPM, which helps secure sensitive information and maintain system integrity. This setting enables VMs to apply security features like BitLocker disk encryption and authenticate virtual hardware devices, creating a more secure virtual environment. |
| 15 | + |
| 16 | +## Pre-requisites |
| 17 | + |
| 18 | +Before configuring vTPM on a VM in Azure VMware Solution, ensure the following pre-requisites are met: |
| 19 | + |
| 20 | +- The virtual machine must use EFI firmware. |
| 21 | +- The virtual machine must be at hardware version 14 or later. |
| 22 | +- Guest OS support: Linux, Windows Server 2008 and later, Windows 7 and later. |
| 23 | + |
| 24 | +>[!IMPORTANT] |
| 25 | +>Customers do not need to configure a key provider to use vTPM with Azure VMware Solution. Azure VMware Solution already provides and manages key providers for each environment. |
| 26 | +
|
| 27 | +## How to Configure vTPM |
| 28 | + |
| 29 | +To configure vTPM on a VM in Azure VMware Solution, follow these steps: |
| 30 | + |
| 31 | +1. Connect to vCenter Server using the vSphere Client. |
| 32 | + |
| 33 | +2. In the inventory, right-click the virtual machine you want to modify and select "Edit Settings". |
| 34 | + |
| 35 | +:::image type="content" source="./media/enable-virtual-trusted-platform-module-on-virtual-machine.png" alt-text="Diagram showing how to enable vTPM on a virtual machine in Azure VMware Solution." border="false" lightbox="./media/enable-virtual-trusted-platform-module-on-virtual-machine.png"::: |
| 36 | + |
| 37 | +3. In the Edit Settings dialog box, click "Add New Device" and choose "Trusted Platform Module". |
| 38 | + |
| 39 | +4. Click "OK". The virtual machine Summary tab displays the Virtual Trusted Platform Module in the VM Hardware pane. |
| 40 | + |
| 41 | +>[!IMPORTANT] |
| 42 | +>On VMware vSphere 7, cloning a virtual machine creates an exact replica of both the VM and the vTPM. VMware vSphere 8 introduces options to either copy or replace the TPM, allowing for better handling of different use cases. |
| 43 | +
|
| 44 | +## Unsupported scenarios |
| 45 | + |
| 46 | +Migration of VMs with vTPM may not be supported by some tools. Check the documentation of the migration tool. If it is not supported, you can follow VMware documentation to safely disable vTPM and re-enable it post-migration. |
| 47 | + |
| 48 | +## More information |
| 49 | +[Securing Virtual Machines with Virtual Trusted Platform Module](https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vm_admin.doc/GUID-A43B6914-E5F9-4CB1-9277-448AC9C467FB.html) |
| 50 | +[What Is a Virtual Trusted Platform Module](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6F811A7A-D58B-47B4-84B4-73391D55C268.html) |
| 51 | +[vSphere Virtual TPM (vTPM) |
| 52 | + Questions & Answers](https://www.vmware.com/docs/vsphere-virtual-tpm-vtpm-questions-answers) |
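Review bot: At line 46 the migration workaround tells readers to disable vTPM and re-enable it after migration, but it links no procedure and does not say what happens to guest features that line 14 says rely on the vTPM, such as BitLocker. Suggest linking the specific VMware procedure there and adding a sentence that tells readers to check the guest for vTPM-dependent features before removing the device. In the note at lines 41-42, the cloning behaviour is stated without guidance: say what an exact replica of the vTPM means for a clone that should have its own identity on vSphere 7, and which of the vSphere 8 copy or replace options to choose in that case. Under "More information" (lines 49-52) the three links sit on consecutive lines with no list markers, so they will render as one run-on paragraph, and the third link's text is split across lines 51 and 52; make them a bulleted list with each link on one line. The image at line 35 is unindented between steps 2 and 3, which interrupts the numbered list; indent it under step 2.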