How to Install Windows 11 Guest OS on VMware vSphere 8 with a Virtual TPM?

Glad it was helpful! Thank you

Hi Grish,
Yes, we can add a Virtual Trusted Platform Module (vTPM) to an existing virtual machine to provide enhanced security to the guest operating system.
We must create a key provider before you can add a vTPM.
The VMware virtual TPM is compatible with TPM 2.0, and creates a TPM-enabled virtual chip for use by the virtual machine and the guest OS it hosts.
Prerequisites:
Ensure that your vSphere environment is configured for a key provider. See the following for more information:
Configuring vSphere Trust Authority
Configuring and Managing a Standard Key Provider
Configuring and Managing vSphere Native Key Provider
The guest OS you use can be Windows Server 2008 and later, Windows 7 and later, or Linux.
Verify that the virtual machine is turned off.
The ESXi hosts running in your environment must be ESXi 6.7 and later (Windows guest OS), or 7.0 Update 2 and later (Linux guest OS).
The virtual machine must use EFI firmware.
Verify that you have the required privileges:
Cryptographic operations.Clone
Cryptographic operations.Encrypt
Cryptographic operations.Encrypt new
Cryptographic operations.Migrate
Cryptographic operations.Register VM
Virtual machine.Change Configuration.Add or remove device
Procedure:
Connect to vCenter Server by using the vSphere Client.
Right-click the virtual machine in the inventory that you want to modify and select Edit Settings.
In the Edit Settings dialog box, click Add New Device and select Trusted Platform Module.
Click OK.
The Virtual Machine Details pane reflects that encryption has been applied to the virtual machine.

@@gnancloudgarage thx so much

Absolutely, it's possible to apply Virtual TPM (vTPM) on an ESXi host even if it's not added to a vCenter.
While the process may differ slightly from when the host is part of a vCenter environment, you can still configure vTPM directly on the ESXi host itself.
You'll need to access the ESXi host directly using the vSphere Client or the ESXi Embedded Host Client.
From there, you can navigate to the virtual machine settings and enable vTPM for the desired virtual machines.
Keep in mind that vTPM requires specific hardware compatibility and virtual machine configurations, so it's essential to review the compatibility requirements and ensure your environment meets them before proceeding.
Thank you

Most welcome.

Thank you

It's important to note that not all hardware platforms have built-in TPMs.
In such cases, you may consider alternative solutions like software-based TPM emulators or external TPM modules.
These solutions may provide similar functionalities, but they may have different security characteristics or limitations.

Hi Chris,
Currently, I am using the VMware vSphere Evaluation License, which allows us to use the full version of ESXi and vCenter Server for 60 days.
Thanks

@@gnancloudgarage ok thx.

Hi Bharath,
Thank you for your interest.
Login to VMware Hands-on Lab website hol.vmware.com/
Search with the keyword "VMware vSphere - Security Getting Started" (or) "TPM"
To find out the relevant Lab to practice.
All the Best!