FAQ for KMIP for VMware migration
Key Management Interoperability Protocol (KMIP™) for VMware® support for Key Protect will end on 16 July 2026, after which interoperability with the Key Protect service will no longer work. Migrate to IBM® Key Protect for IBM Cloud®.
This announcement is applicable only to customers who are using the KMIP for VMware support for Key Protect. Customers who are using KMIP for VMware support for Hyper Protect Crypto Services (HPCS) remain unaffected by this announcement. The KMIP for VMware support for HPCS continues to function as usual without any impact.
Find answers to frequently asked questions about the Key Management Interoperability Protocol (KMIP™) for VMware® service.
What does the End of Support announcement mean?
Support for the Key Protect service as part of the KMIP for VMware will end on 16 July 2026 after which the service will no longer be available. Customers must migrate to the native IBM® Key Protect for IBM Cloud® offering, or an alternative key management service of your choice by 16 July 2026.
This announcement is applicable only to customers who are using the KMIP for VMware support for Key Protect.
I am a user of KMIP for VMware support for HPCS. What does this announcement mean for me?
This announcement is applicable only to customers who are using the KMIP for VMware support for Key Protect. Customers who are using KMIP for VMware support for Hyper Protect Crypto Services (HPCS) remain unaffected by this announcement. The KMIP for VMware support for HPCS continues to function as usual without any impact.
Why is the support for KMIP for VMware ending?
The new key provider, IBM® Key Protect for IBM Cloud®, offers various advantages over the KMIP for VMware adapter that supports the existing Key Protect. The decision to end support was taken due to the following reasons:
- Reduced risk of failure to recover VMs.
- Improved performance due to the shorter network distance for calls from KMIP to key provider.
- Improved visibility and management of KMIP keys.
- No change in pricing when you shift to the new and improved key provider.
What are the next steps?
Customers must migrate to the native IBM® Key Protect for IBM Cloud® offering, or an alternative key management service of your choice by 16 July 2026. For more information about the migration steps, see Migrating from KMIP for VMware to IBM Cloud native KMIP providers.
The KMIP for VMware support for Key Protect is not going to be available from 17 July 2026.
For any questions or assistance, send an email to clouddigitalsales@us.ibm.com, or open a support ticket in the VMware Solutions console.
Are there any challenges that are anticipated during the migration?
Customers who are using vSphere version 7.x can encounter an issue in vSphere HA that results in the restart of virtual machines with vSphere encryption during the rekeying process. However, you can work around this issue. For more information, see Encrypted VM with Change Block Tracking (CBT) enabled unexpectedly powers off after shallow rekey operation.
For any questions or assistance, send an email to clouddigitalsales@us.ibm.com, or open a support ticket in the VMware Solutions console.
Is there a price change? Does it cost more?
No, the price of adopting the new key provider, IBM® Key Protect for IBM Cloud®, remains the same as what customers are currently paying for KMIP for VMware support for Key Protect. The existing KMIP adapter for VMware is not chargeable, and the customers are only charged monthly for per key version. The pricing remains the same in the new key provider.