Configuring Distributed Key Management

Distributed Key Management (DKM) is used to store VMM encryption keys in Active Directory Domain Services (AD DS).

When installing VMM, for security reasons (recommended, as it encrypts the information on AD) and when deploying HA VMM (required), choose to use DKM on the Configure service account and distributed key management page.

Why do we need the DKM? By default, VMM encrypts some data in the VMM database using the Windows Data Protection API (DPAPI)—for example, the Run As account's credentials and passwords—and this data is tied to the VMM server and the service account used by VMM. However, with DKM, different machines can securely access the shared data.

Once an HA VMM node fails over to another node, ...

Get System Center 2012 R2 Virtual Machine Manager Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.