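To encrypt data at rest using vSAN encryption, one option is to switch your active key management service (KMS) to an external one. Thales CipherTrust Manager is an external KMS solution that is KMIP 1.1 compliant and certified by VMware for vSAN.
For information about the default vSAN encryption behavior of Google Cloud VMware Engine, see About vSAN encryption.
Before you begin
To use the command-line examples in the CipherTrust Manager guide, you must install or update to the latest version of the Google Cloud CLI.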
The Thales CipherTrust Manager documentation (https://thalesdocs.com/ctp/ig/google/gcve/index.html) provides additional information about prerequisites for this integration.
Setup overview
Setting up VMware Engine with CipherTrust Manager involves the following major steps:
1. Access and install a CipherTrust Manager image on a Compute Engine VM.
2. In CipherTrust Manager, configure network details and assign users to a key management domain.
3. Create a registration token and registered client to use when configuring the key management interoperability protocol (KMIP) connection to vCenter Server.
4. Register the KMIP client in Thales CipherTrust Manager using a private key and certificate.
5. In vCenter Server, declare CipherTrust Manager as a standard key provider.
For a full description of the steps required for this integration, see the Thales CipherTrust Manager documentation (https://thalesdocs.com/ctp/ig/google/gcve/index.html) for Google Cloud VMware Engine.
Last updated: 2025-09-04 (UTC)