VMware Cloud Community
mutthu
Enthusiast

vSAN Encryption

VMware version 6.5 and above supports VM encryption, and it is suitable for traditional storage-based VMs. vSAN supports data-at-rest and data-in-transit.
Do we still need VM encryption if we use vSAN? Is there any performance impact if we do both?

0 Kudos
3 Replies
zeroboy
Enthusiast

Hi @mutthu

I would NOT recommend turning on both (VM and vSAN datastore) encryption features. Every encryption and decryption process will have to be done twice, i.e. more work for the CPU.

Also, if you use deduplication with vSAN, do not go for VM encryption, as your dedup rate will drastically go down.

Anyway: VM encryption will give you the possibility of encrypting just the VMs you want to be encrypted, while vSAN encryption will encrypt everything you put in there.

Check out this KB https://kb.vmware.com/s/article/2148947
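
The deduplication point in the reply above, as an added example that is not part of the original post: a Python sketch that measures the block-level dedup ratio of three cloned disks before and after each disk is encrypted with its own key. The 4 KiB block size, the disk layout, the VM names and the SHAKE-256 keystream used as a stand-in cipher are all assumptions made for this illustration; it does not model vSAN or VM Encryption internals.

```python
import hashlib

BLOCK = 4096  # dedup granularity assumed for this sketch


def sample_block(label):
    """Deterministic, constructed block content."""
    return hashlib.shake_256(label.encode()).digest(BLOCK)


def build_disk(vm):
    """Constructed disk: 48 blocks cloned from a shared 8-block template,
    followed by 16 blocks that are unique to this VM."""
    template = [sample_block(f"template-{i % 8}") for i in range(48)]
    private = [sample_block(f"{vm}-data-{i}") for i in range(16)]
    return template + private


def encrypt_disk(disk, key):
    """Stand-in for per-VM disk encryption (NOT real cryptography): XOR each
    block with a keystream derived from the VM's key and the block number."""
    out = []
    for n, block in enumerate(disk):
        ks = hashlib.shake_256(key + n.to_bytes(8, "big")).digest(len(block))
        out.append(bytes(a ^ b for a, b in zip(block, ks)))
    return out


def dedup_ratio(blocks):
    """Logical blocks divided by unique blocks, matched by content hash."""
    unique = {hashlib.sha256(b).digest() for b in blocks}
    return len(blocks) / len(unique)


def compare():
    """Return (ratio on plaintext, ratio after per-VM encryption)."""
    vms = ["vm-a", "vm-b", "vm-c"]  # hypothetical VM names
    disks = {vm: build_disk(vm) for vm in vms}
    plain = [b for vm in vms for b in disks[vm]]
    enc = [b for vm in vms
           for b in encrypt_disk(disks[vm], f"key-{vm}".encode())]
    return dedup_ratio(plain), dedup_ratio(enc)


if __name__ == "__main__":
    before, after = compare()
    print(f"dedup ratio on plaintext blocks:  {before:.2f}")
    print(f"dedup ratio on per-VM ciphertext: {after:.2f}")
```

Identical template blocks collapse to one copy while the storage layer sees plaintext; once each VM encrypts its own blocks with its own key and a per-block tweak, no two blocks match and the ratio falls to 1.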

mutthu
Enthusiast

Thank you for the link. If I understood the vSAN encryption, it encrypts the storage, not the vmdk files. But then, VMcrypt encrypts the vmdk files, so it will not be helpful if someone steals the vmdk file. Am I correct?

0 Kudos
zeroboy
Enthusiast

Correct.

0 Kudos