VsanVcKmipServersHealth
This class defines KMIP servers connection status on vCenter side.
It has detailed KMS connection status, client/servers certificate status and expiration date.
This structure may be used only with operations rendered under /vsan
.
{
"_typeName": "string",
"health": "string",
"error": {
"_typeName": "string",
"faultCause": "MethodFault Object",
"faultMessage": [
{
"_typeName": "string",
"key": "string",
"arg": [
{
"_typeName": "string",
"key": "string",
"value": {
"_typeName": "string"
}
}
],
"message": "string"
}
]
},
"kmsProviderId": "string",
"kmsHealth": [
{
"_typeName": "string",
"serverName": "string",
"health": "string",
"error": {
"_typeName": "string",
"faultCause": "MethodFault Object",
"faultMessage": [
{
"_typeName": "string",
"key": "string",
"arg": [
{
"_typeName": "string",
"key": "string",
"value": {
"_typeName": "string"
}
}
],
"message": "string"
}
]
},
"trustHealth": "string",
"certHealth": "string",
"certExpireDate": "string"
}
],
"clientCertHealth": "string",
"clientCertExpireDate": "string",
"isAwsKms": false,
"cmkHealth": "string",
"kekExpireHealth": "string",
"kekExpireDate": "string",
"hostKeyExpireHealth": "string",
"hostKeyExpireDate": "string"
}
The overall KMIP servers health.
If error is set, it means there are issues when trying to retrieve Key Management Servers status.
The error message will describe the possible issues, such as "Retrieve KMIP servers status timed out".
The Id of the KMS cluster to use for vSAN Encryption.
The client certificate status.
If the certificate is expired, the health is "red". If the certificate expires in 30 days, the health is "yellow". Otherwise the certificate health is "green".
The client certificate expiry date.
Whether vSAN encryption is using AWS KMS.
The health status of Customer Master Key (CMK) from AWS KMS.
This is only set when using AWS KMS for vSAN encryption.
KEK expiration state.
'red' means that the KEK has expired or is going to expire in very close days(10 days by default), and 'yellow' means that the KEK will expire in certain days(30 days by default), and 'green' means that there is still a long time(more than 30 days by default) before the KEK expires or the KEK will not expire.
Key encryption key expiration date.
Host Key expiration state.
'red' means that the host key has expired or is going to expire in very close days(10 days by default), and 'yellow' means that the host key will expire in certain days(30 days by default), and 'green' means that there is still a long time(more than 30 days by default) before the host key expires or the host key will not expire.
Host key expiration date.