KMIP for VMware overview

End of Marketing: As of 31 October 2025, new deployments of VMware Solutions offerings are no longer available for new customers. Existing customers can still use and expand their active VMware® workloads on IBM Cloud®. For more information, see End of Marketing for VMware on IBM Cloud.

Key Management Interoperability Protocol (KMIP™) for VMware® support for Key Protect will end on 16 July 2026, after which interoperability with the Key Protect service will no longer work. Migrate to IBM® Key Protect for IBM Cloud®.

The previous deprecation notice is applicable only to customers who are using the KMIP for VMware support for Key Protect. If you are using KMIP for VMware support for Hyper Protect Crypto Services (HPCS), the KMIP deprecation notice does not apply to you. The KMIP for VMware support for HPCS continues to work without any impact.

This solution architecture describes the KMIP™ on VMware architecture for protecting your VMware® instances. Many storage encryption options are available to protect your VMware workload. KMIP for VMware works together with VMware native vSphere encryption and vSAN™ encryption. The vSphere and vSAN encryption provides simplified storage encryption management together with the security and flexibility of IBM Cloud® Key Protect or IBM Cloud Hyper Protect Crypto Services customer-managed keys.

This solution is considered to be an extra component and extension of the VMware Cloud Foundation for Classic offerings on IBM Cloud. As a result, this document doesn't cover the existing configuration of these foundation solutions on IBM Cloud. To understand more about the foundation solution architecture, see Overview of VMware Solutions.