Considering using vSAN encryption but at the same time would like to utilize vTPM for some Windows 11 security features.
As per documentation, https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-6F811A7A-D58B-47B...
Virtual machine encryption (to encrypt the virtual machine home files) is a requirement.
My understanding is that vSAN encryption is not adequate and that's kind of the official response I have received from VMware.
Obviously, both vSAN encryption and VM Encryption can be utilized at the same time, but with a performance impact.
https://kb.vmware.com/s/article/2148947
Any thoughts on this?
Thank you
"My understanding is that vSAN encryption is not adequate" ??
I am not sure I understand this comment. I don't know why anyone would enable VM Encryption and vSAN Encryption at the same time, you use one or the other, not both.
Mind, if you use dedupe/compression then VM Encryption would more or less make this useless as all data would be random and most likely cannot be compressed or deduped.
The "not adequate" part was referring to vTPM encryption.
So as per VMware, VM encryption is required if you desire to utilize any vTPM capabilities. Going by that logic, and your comments (depping), if you wish to utilize vTPM, then using only VM encryption is the way to go.
