VMware Cloud Community
jaaaam24
Contributor
Contributor
Jump to solution

How to determine if and when vSAN 6.6 encryption completes?

After enabling encryption on the vSAN cluster (with existing data in place) using a properly configured Keysecure KMS how do you determine when all disks are encrypted. Configuration from the GUI reports finished successfully in a few minutes, but the encryption process has to take some amount of time.

Are there any logs to view or dashboard status that would indicate whats encrypted?

Thanks!

1 Solution

Accepted Solutions
TheBobkin
Champion
Champion
Jump to solution

Hello jaaaam24​,

Welcom to Communities.

You can check via the CLI on each host to see how many of the disks have completed the encryption process:

# esxcli vsan storage list | grep Encryption

This should return 'Encryption: true' for all disks once complete.

IIRC there should also be a tab for Encryption status of each disk via the Web Client when this is configured:

Cluster > Configure > vSAN > Disk Management

Bob

View solution in original post

6 Replies
GreatWhiteTec
VMware Employee
VMware Employee
Jump to solution

You should see the on-disk format % under Configure>General. Once the DGs have been removed, re-formatted, and re-mounted, the operation is complete. Data will be migrated while the DGs are going through the rolling format.

TheBobkin
Champion
Champion
Jump to solution

Hello jaaaam24​,

Welcom to Communities.

You can check via the CLI on each host to see how many of the disks have completed the encryption process:

# esxcli vsan storage list | grep Encryption

This should return 'Encryption: true' for all disks once complete.

IIRC there should also be a tab for Encryption status of each disk via the Web Client when this is configured:

Cluster > Configure > vSAN > Disk Management

Bob

jaaaam24
Contributor
Contributor
Jump to solution

Thank you for the quick response! The replies are exactly what I was searching for!

For the logs question, which log could you monitor for issues or success initializing the encryption process?

Thanks!

Reply
0 Kudos
TheBobkin
Champion
Champion
Jump to solution

Hello jaaaam24​,

As always, likely /var/log/vmkernel.log unless there is some encryption-specific log that I am unaware of.

Bob

vHaridas
Expert
Expert
Jump to solution

Everyone has provided you correct answer, just to add to that, Along with vSAN Health Plugin you use PowerCLI scripts created by Jase McCarty to monitor vSAN Encryption status.

I found it very useful while implementing vSAN Encryption.

I have documented vSAN Encryption details at below URL.

Virtual Admin: vSAN Encryption Implementation & Monitoring

Thanks,

Haridas

Please consider awarding points for "Correct" or "Helpful" replies. Thanks....!!! https://vprhlabs.blogspot.in/
sagarnikam123
Contributor
Contributor
Jump to solution

Reply
0 Kudos