Change default KMS port on Nutanix

Nutanix AOS supports data at rest encryption for past several years. On early Nutanix AOS releases, encryption feature was supported only with specialized hardware (SED drives) and external KMS systems. Since Nutanix AOS 5.9, you can leverage software encryption and Local Key Management System (LKMS)

To have a fully supported encryption feature, Nutanix AOS have to have access to the Key Management System. The solution supports external KMS or internal (software based) LKMS integrated with Prism. If you would like to read more about Nutanix native key management system, read one of my previous blog posts.

Default port which is used by Nutanix AOS to connect to Key Management System is 5696. However, you can modify configuration to use different port. It is available from ncli command line.

The command line syntax is:
key-management-server get name=<KMS_NAME>
to get details about existing KMS configuration

To update KMS configuration (in this case, port number), use
key-management-server update address-list IP_Address:port_number

$: key-management-server get name=SKLM
Server Name               : SKLM
    Server UUID               : 57bf-42b5-8dc6-fbb04538abf2
    Active                    : yes

        Address                   : 192.168.56.26
        Port                      : 5696

        Address                   : 192.168.56.27
        Port                      : 5696