W11 Enable vTPM in VMware Horizon
This blog covers a step-by-step action plan to enable the vTPM on Horizon with instant clones and Windows 11. Before going further with this blog post, note that there are certain requirements to meet before enabling the vTPM in the desktop pool.
In my case, I’m working in a test environment with VMware Workstation, nested with ESXi and vCenter. Therefore I need to enable vTPM in VMware Workstation and vCenter. I wrote a blog about it, please follow the link to get more information.
So, after adding the vTPM and installing the Windows guest OS, it is time to see if we can add the vTPM on Horizon.
To enable vTPM it is not enough to deploy a new snapshot or machine with the vTPM enabled. In my case I tested this by enrolling a newly created machine with the vTPM added in Horizon, without changing any other settings in the desktop pool.
The picture above shows that the newly created machine has no encryption.
Also within the guest OS, during a session, there is no vTPM connected. You can see this by going to the Windows Security settings and checking under the “Security Processor” part.
After confirming that the vTPM does not work if you only add it to the master image, it is time to create a new desktop pool with the option “vTPM” enabled.
At step 6 (Provisioning Settings), enable the option “Add vTPM Device to VMs”.
The following warning will appear when enabling the option to add the vTPM. There are some consequences when using this in a production environment. I’m only testing in my test environment, so there is no impact for users. Choosing to enable vTPM is at your own risk and responsibility.
Proceed with the steps to create a desktop pool.
Machines are deployed within the newly created desktop pool. Let’s see if the vTPM has been added within vCenter.
So within vCenter, the vTPM has been added. Let’s see how this looks within the guest OS.
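The guest-side check used in this post (Windows Security, “Security Processor”) can also be scripted, which helps when you want to confirm the result on several instant clones. The following is an added example, not part of the original post: Test-GuestVTpm is a hypothetical helper name, and it assumes an elevated PowerShell session inside the Windows 11 desktop.

```powershell
# Added example: run in an elevated PowerShell session inside the Horizon desktop.
# Test-GuestVTpm is a hypothetical helper name, not a VMware or Microsoft cmdlet.
function Test-GuestVTpm {
    [CmdletBinding()]
    param()

    $reasons = [System.Collections.Generic.List[string]]::new()

    # Get-Tpm reports TpmPresent = False when no (v)TPM is attached to the VM,
    # which is the state seen when the vTPM only exists on the master image.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent)   { $reasons.Add('No TPM device is visible to the guest OS') }
    elseif (-not $tpm.TpmReady) { $reasons.Add('TPM is present but not ready for use') }

    # Win32_Tpm returns no instance at all when the guest has no TPM.
    $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    $specVersion = $null
    if ($wmi -and $wmi.SpecVersion) {
        # SpecVersion looks like "2.0, 0, 1.59"; the first field is the TPM version.
        $specVersion = ($wmi.SpecVersion -split ',')[0].Trim()
        $parsed = $specVersion -as [version]
        if (-not $parsed -or $parsed -lt [version]'2.0') {
            # Windows 11 requires TPM 2.0.
            $reasons.Add("TPM spec version '$specVersion' is not 2.0 or higher")
        }
    } elseif ($tpm.TpmPresent) {
        $reasons.Add('TPM spec version could not be read')
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        TpmPresent   = [bool]$tpm.TpmPresent
        TpmReady     = [bool]$tpm.TpmReady
        SpecVersion  = $specVersion
        Manufacturer = $tpm.ManufacturerIdTxt
        Passed       = ($reasons.Count -eq 0)
        Reasons      = $reasons -join '; '
    }
}

Test-GuestVTpm | Format-List
```

On a clone from a pool without “Add vTPM Device to VMs”, Passed is False and Reasons states that no TPM device is visible to the guest.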