VM encryption on a vSAN Cluster

MJMVCIX · ‎09-28-2022

Hi All,

Regarding VM encryption, i am aware that on vSAN you can select DITE and DARE whereby DARE encrypts the whole vSAN Datastore.

An alternative to this is VM encryption whereby you can encrypt individual VMs by changing the Storage Policy to the Encryption storage policy and apply to the VM or individual Disk.

My question is, if you have a vSAN Cluster with the vSAN Storage Policies applied to VMs and you only need to encrypt 1 VM with its disks:
- Can you do this?
- Or if you have vSAN enabled on the cluster, is the only encryption option available to encrypt the whole datastore with DARE?

Thanks,

muakhtar · ‎09-28-2022

https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.virtualsan.doc/GUID-F3B2714F-3406-4...

Munib Akhtar
VCP-DCV/VCP-DTM/VXRAIL
Please mark help full or correct if my answer is use full for you

VM_Yamato · ‎09-30-2022

My question is, if you have a vSAN Cluster with the vSAN Storage Policies applied to VMs and you only need to encrypt 1 VM with its disks:
- Can you do this? - No. The vSAN datastore Encryption work for every VMs in the vSAN datastore.
- Or if you have vSAN enabled on the cluster, is the only encryption option available to encrypt the whole datastore with DARE? - Yes, very simple. Enable = encrypt a whole vSAN datastore as D@RE.

Yamato Sakai
Technical Training Instructor | Dell Technologies Education
VCP-DCV 5,6.x, 2020, 2021
VCIX-DCV
VCIX-NV
vSAN HCI Master Specialist