Author : william rogers

URL : http:////docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.virtualsan.doc/GUID-37F9636A-7481-...

Topic Name : How vSAN Encryption Works

Publication Name : Administering VMware vSAN

Product/Version : VMware vSphere/6.7

Question :

Does the host send the request for a KEK to the KMS directly, or does the request actually go through the vCenter server, and since the vCenter Server has the Key ID, it then requests the KEK identified by the Key ID from the KMS for the host?  Then would the KMS send the KEK directly to the host, or would it use the vCenter Server to pass the KEK to the host?