---
title: "Installation on VMware"
slug: "fortanix-data-security-manager-installation-on-vmware"
updated: 2026-04-01T07:25:22Z
published: 2026-03-23T16:12:37Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Installation on VMware

## 1.0 Introduction

The purpose of this article is to describe the Fortanix-Data-Security-Manager (DSM) Open Virtual Appliance (OVA) Installation steps for VMware vSphere version 6.7 or above.

## 2.0 Prerequisites

Ensure the following:

- VMware vSphere V6.7 or above.
- The central processing unit (CPU) must support `RDRAND` and `RDSEED`.
- Minimum requirements:

> [!NOTE]
> NOTE
> 
> This OVA is compatible with the `VMXnet3` network adapter, as it includes the latest version of `open-vm-tools (2:11.3.0-2ubuntu0~ubuntu20.04.7)`.
  - Cores: 8 Cores
  - Memory: 32GB Ram
  - 600 GB hard disk space.
  - Linux or Ubuntu 64 bits machine

## 3.0 Installation Steps

### 3.1 Using VSphere

Perform the following steps for each VM:

1. Go to the vSphere web.
2. From the **Actions** menu, select **Deploy OVF Template**.

![VMware-install1.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/360095075412.png)

**Figure 1: Deploy OVF Template**
3. Click **Select an OVF Template** from the left menu to create a new Virtual Machine (VM) from OVF/OVA.

![VMware-install2.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/360095001171.png)

**Figure 2: Create new OVA template**
  1. Add the URL of the OVA location or upload the OVA.
  2. Click **Next**.
4. Select the location for the Virtual Machine and click **NEXT**.

![VMware-install3.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/360095001291.png)

**Figure 3: Select the VM location**
5. Select the Compute Resource/ESXi Node and click **NEXT**.

![VMware-install4.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/360095001311.png)

**Figure 4: Select compute node resource**
6. Select the Network to be used by the VM.
7. Review the configuration and click **FINISH**.
8. To edit the VM configuration, click **Edit Settings** in the **ACTIONS** menu.

![VMware-install5.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/360095075912.png)

**Figure 5: Edit VM settings**

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/DSM_Edit VMware Settings.png)

**Figure 6: Edit the VM Configuration**
9. Further customizations can be configured by changing the settings of the VM.

> [!NOTE]
> NOTE
> 
> The default OVA settings are:
> 
> 1. **Username** - **administrator**
> 2. **Password** – contact Fortanix support ([support@fortanix.com](mailto:support@fortanix.com)) for the password.
> 3. **IP** - <VM IP address>

*For the rest of the deployment steps, refer to*[*Section 4.0: Configuring the VMs*](/v1/docs/fortanix-data-security-manager-installation-on-vmware#40-configuring-the-vms)*and*[*Section 5.0: Fortanix DSM Installation*](/v1/docs/fortanix-data-security-manager-installation-on-vmware#50-fortanix-dsm-installation)*.*

### 3.2 Using ESXi

Perform the following steps for each VM:

1. Log in to the ESXi Host Client server, navigate to the **Virtual Machines** menu item, and click **Create/Register VM** to create or register the required VM machine.

![Screenshot from 2024-01-02 17-18-27.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/22643313573012.png)

**Figure 7: ESXi Client Server**

The **New virtual machine** dialog box appears on the screen.
2. On the **Select creation type** tab, select the required option from the drop down menu.

![Screenshot from 2024-01-02 17-18-38.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/22643313576468.png)

**Figure 8: Select Creation Type Tab**

Download the latest OVA package on your system from [DSM Installation Package (On-Prem): DSM 4.31 Patch OVA Package](https://fortanix.zendesk.com/hc/en-us/articles/10644636415380-DSM-Installation-Package-Downloads-on-prem). Now you can select OVF to upload OVA from your system.
3. On the **Select OVF and VMDK files** tab, enter the name of the VM and upload OVA file.

![Screenshot from 2024-01-02 17-18-51.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/22643297810196.png)

**Figure 9: Select OVF and VMDK Files Tab**
4. On the**Select storage** tab, select the required storage type.

![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/DSM_Select Storage.png)

**Figure 10: Select Storage tab**
5. On the **Deployment options** tab:
  - **Network mappings**: Select the required VM Network from the drop down menu.
  - **Disk provisioning**: Select **Thin**.
  - **Power on automatically**: Select the check box to enable the feature.

![Screenshot from 2024-01-02 17-19-17.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/22643313582484.png)

**Figure 11: Deployment Options Tab**
6. On the **Ready to complete** tab, review the summary and click **Finish**.

![Screenshot from 2024-01-02 17-19-38.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/22643313584148.png)

**Figure 12: Summary Tab**

Wait for a few minutes for the OVA to be uploaded and the VM to be created. The following screen displays the results:

![Screenshot from 2024-01-02 17-19-53.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/22643491237396.png)

**Figure 13: Results Screen**

*For the rest of the deployment steps, refer to*[*Section 4.0: Configuring the VMs*](/v1/docs/fortanix-data-security-manager-installation-on-vmware#40-configuring-the-vms)*and*[*Section 5.0: Fortanix DSM Installation*](/v1/docs/fortanix-data-security-manager-installation-on-vmware#50-fortanix-dsm-installation)*.*

## 4.0 Configuring the VMs

Perform the following steps:

1. Log in to the VM.
2. Run the following command to update the network interface:

```bash
sudo nano /etc/network/interfaces
```

For example,

```bash
address 10.197.65.239
gateway 10.197.65.254
netmask 255.255.255.0
dns-nameserver 1.1.1.1
```

*For more information on the network interface configuration, refer to the*[*Fortanix Data Security Manager Installation Guide - On-Prem*](https://support.fortanix.com/v1/docs/fortanix-data-security-manager-installation-guide-on-prem#42-network-configuration)*.*
3. Run the following command to update the hostnames of other nodes that are required to be added to the cluster:

```bash
sudo nano /etc/hostname
sudo nano /etc/hosts
sudo reboot
```
  - To set the `hostname` on each node, in the `/etc/hostname` file, remove `sdkms-server` and replace it with the intended hostname.
  - In the `/etc/hosts` file, add the corresponding IP address, hostname, and/or FQDN.
4. Save the changes.
5. Run the following command to restart the networking to reflect the saved changes:

```bash
sudo systemctl restart networking
```

## 5.0 Fortanix DSM Installation

Perform the following steps:

1. Log in to the required node with the same IP address configured in [*Section 4: Configuring the VMs*](/v1/docs/fortanix-data-security-manager-installation-on-vmware#40-configuring-the-vms).
2. For step-by-step instructions on setting up the deployment-specific configuration file during Fortanix DSM installation and configuration, *refer to the*[*Fortanix Data Security Manager Installation Guide - On-Prem*](https://support.fortanix.com/v1/docs/fortanix-data-security-manager-installation-guide-on-prem#53-begin-fortanix-dsm-configuration)*.*
3. For information on the certificate installation and signing process, *refer to the*[*Fortanix Data Security Manager Installation Guide – On-Prem*](https://support.fortanix.com/v1/docs/fortanix-data-security-manager-installation-guide-on-prem#55-install-certificates).

> [!NOTE]
> NOTE
> 
> There is no requirement for cleanup and installation, as the upload of the OVA package will automatically initiate the build installation.

### 5.1 Configure Other Nodes for Joining the Cluster

After completing the installation, run the following command to join all other nodes to the cluster:

```bash
sudo sdkms-cluster join --peer=cluster ip --token=<token_id> --self=node ip
```

Here,

- Cluster IP address (`cluster ip`) corresponds to the node’s IP address on which the cluster was created. Specify it with the subnet.
- The node IP (`node ip`) address corresponds to the IP address of the joining node.

## 6.0 Backup and Restore on VMWare

The backup and restore process remains exactly the same as other Fortanix DSM hardware-based deployments. But when deployed on VMWare, on VMs without SGX capability, a deployment key is created in software. This deployment-key is not backed-up to the backup location along with the backup data due to security reasons.

*For more information on configuring the backup, refer to*[*Fortanix Data Security Manager Backup and Restore*](https://support.fortanix.com/hc/en-us/sections/11563289762964-Backup-and-Restore-Manual)*.*

> [!NOTE]
> NOTE
> 
> Deployment-key is required to restore the backup in case the cluster is being reset/re-created. Hence the deployment key must be backed-up in a safe location. Backup cannot be restored (will be rendered unusable) without this deployment key during the restoration process.

1. Run the following command to locate the deployment key:

```bash
$ kubectl get secrets sdkms-deployment-key-store
```
2. Run the following command to create a deployment key from the previous backup stored in a safe location:

```bash
$ kubectl get secrets sdkms-deployment-key-store -o yaml > sdkms-deployment-key-store.yaml
```

Save `sdkms-deployment-key-store.yaml` file in a secure location (do not save it along with the backup).
3. Restore the deployment key after the cluster reset. When a new cluster is created, a new random deployment key gets auto-created. But as we are restoring the cluster from the backup, we need to delete the deployment key and restore the saved deployment key.
  1. Run the following command to delete any existing deployment key (which was created after a fresh cluster):

```bash
$ kubectl delete secrets sdkms-deployment-key-store
```
  2. Run the following command to create a deployment key from a safe location:

```bash
$ kubectl create -f sdkms-deployment-key-store.yaml
```

*After the above step, the restore process can be started as documented in the*[*Fortanix DSM Restoration Guide - Automated*](https://support.fortanix.com/v1/docs/fortanix-dsm-restoration-guide-automated)*guide.*

## 7.0 Support

For production deployment of Fortanix DSM on VMware, click [here](https://fortanix.zendesk.com/hc/en-us/sections/4410270142484-DSM-Software-Release-Notes) to download the VMware OVA Software.

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

## Related

- [Fortanix DSM with EDB Postgres for TDE](/fortanix-dsm-with-edb-postgres-for-tde.md)
- [Fortanix DSM with NetApp ONTAP](/fortanix-dsm-with-netapp-ontap.md)
- [Installation from Azure Marketplace](/fortanix-data-security-manager-installation-from-azure-marketplace.md)
- [Installation Guide - On-Premises](/fortanix-data-security-manager-installation-guide-on-prem.md)
- [Sequoia-PGP](/fortanix-dsm-clients-sequoia-pgp.md)