VMware Cloud Community
DC28
Contributor

Impact of vSAN Data-At-Rest Encryption

First time implementing Data-At-Rest encryption and was curious about a couple of things.

Would utilizing vSAN encryption-at-rest impact any of the following:

  • Losing a host
    • Maintenance
    • Failure
  • Shutdown procedures
  • Power on procedures
    • After clean shutdown
    • After a failure shutdown, such as a power outage
  • VxRail Upgrades

Basically, would having it enabled change anything about the normal processes above? Thanks.

1 Reply
TheBobkin
Champion

@DC28, I can't really think of any aspect of DaR encryption that would impact/change any of the things you mentioned. What this feature basically does is establish an encrypted connection between the nodes, based off their SSL certs (e.g. to confirm they are who they say they are vs. the thumbprint info stored in the vSAN unicastagent list stored on each node). It doesn't utilise a KMS or anything like that, so it really doesn't have many dependencies (other than cert info on nodes, when updated, getting refreshed on all nodes' unicastagent lists).