O'Reilly logo

Microsoft System Center Virtual Machine Manager 2012 Cookbook by Edvaldo Alessandro Cardoso

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Configuring distributed key management

Distributed key management (DKM) is used to store VMM encryption keys in Active Directory Domain Services (AD DS).

When installing VMM, for security reasons (recommended, as it encrypts the information on AD) and when deploying HA VMM (required), choose to use DKM on the Configure service account and distributed key management page.

Why do we need the DKM? By default, using the Windows Data Protection API (DPAPI), VMM encrypts some data in the VMM database (for example, the Run As account credentials and passwords), and this data is tied to the VMM server and the service account used by VMM. However, with DKM, different machines can securely access the shared data.

Once an HA VMM node fails over to another ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required