VMware Cloud Community
KuotaiDavidSu
Enthusiast
Enthusiast
Jump to solution

Question about Data At Rest Encryption and vSphere Replication

All,

Thank you in advance. I am wondering if I have a storagge such as Pure All-Flash-Array encrypt our VMs, and I replicate them to VSAN in DR site, what would happen? Those VMs will keep encrypted, or will be unenctypted, or it is not possible at all?

Thanks

1 Solution

Accepted Solutions
TheBobkin
Champion
Champion
Jump to solution

Hello KuotaiDavidSu​,

vSAN encryption occurs at the Disk-Group level so whether encryption is enabled on the target and/or destination site determines this.

vSAN Encryption will work just the same whether using vSphere Replication or any other similar feature/product - it essentially gets un-encrypted at source then re-encrypted at destination (when enabled at both sites):

https://blogs.vmware.com/virtualblocks/2017/06/29/vsan-encryption-vsphere-replication-srm-just-works...

  • All vSphere features including VMware vSphere vMotion®, VMware vSphere Distributed Resource Scheduler™ (DRS), VMware vSphere High Availability (HA), and VMware vSphere Replication™ are supported with vSAN Encryption.

vSAN 6.6 - Native Data-at-Rest Encryption - Virtual Blocks

Bob

View solution in original post

2 Replies
TheBobkin
Champion
Champion
Jump to solution

Hello KuotaiDavidSu​,

vSAN encryption occurs at the Disk-Group level so whether encryption is enabled on the target and/or destination site determines this.

vSAN Encryption will work just the same whether using vSphere Replication or any other similar feature/product - it essentially gets un-encrypted at source then re-encrypted at destination (when enabled at both sites):

https://blogs.vmware.com/virtualblocks/2017/06/29/vsan-encryption-vsphere-replication-srm-just-works...

  • All vSphere features including VMware vSphere vMotion®, VMware vSphere Distributed Resource Scheduler™ (DRS), VMware vSphere High Availability (HA), and VMware vSphere Replication™ are supported with vSAN Encryption.

vSAN 6.6 - Native Data-at-Rest Encryption - Virtual Blocks

Bob

KuotaiDavidSu
Enthusiast
Enthusiast
Jump to solution

Thanks, In that case, Data-At-Rest Encryption will generate more traffic for remote replication because the un-encryption generates a lot of change data.

Reply
0 Kudos