[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[],[],null,["# Configuring vSAN encryption using CipherTrust Manager\n=====================================================\n\nTo encrypt data at rest using vSAN encryption, one option is to switch your\nactive key management service (KMS) to an external one. [Thales CipherTrust Manager](https://cpl.thalesgroup.com/encryption/ciphertrust-manager)\nis an external KMS solution that's KMIP 1.1 compliant and certified by VMware for\nvSAN.\n\nFor information about the default vSAN encryption behavior of\nGoogle Cloud VMware Engine, see [About vSAN encryption](/vmware-engine/docs/vmware-ecosystem/howto-vsan-encryption).\n\nBefore you begin\n----------------\n\nTo use the command-line examples in the CipherTrust Manager guide, you must\ninstall or update to the latest version of the [Google Cloud CLI](/sdk/gcloud).\n\nThe [Thales CipherTrust Manager documentation](https://thalesdocs.com/ctp/ig/google/gcve/index.html) provides\nadditional information about prerequisites for this integration.\n\nSetup overview\n--------------\n\nSetting up VMware Engine with CipherTrust Manager involves the\nfollowing major steps:\n\n1. Access and install a CipherTrust Manager image on a Compute Engine VM.\n2. In CipherTrust Manager, configure network details and assign users to a key management domain.\n3. Create a registration token and registered client to use when configuring the key management interoperability protocol (KMIP) connection to vCenter Server.\n4. Register the KMIP client in Thales CipherTrust Manager using a private key and certificate.\n5. In vCenter Server, declare CipherTrust Manager as a standard key provider.\n\nFor a full description of the steps required for this integration, see the\n[Thales CipherTrust Manager documentation](https://thalesdocs.com/ctp/ig/google/gcve/index.html) for\nGoogle Cloud VMware Engine."]]