Database encryption is still not supported, to my knowledge. That aside, since you're on Windows-based vCenter/PSC, you should probably be aware (and maybe you are) that there will be only the appliance moving forward after 6.7.
Thank you for the reply. Have you seen any recent documentation (vendor would be great) on the subject? I have been reading through some of the best practice white papers and I still haven't found something that states it plainly.
And yea, we are in the process of moving the Windows based environment over to VCSA (we have 2 production environments running them now and 1 left to migrate). Sooo looking forward to not having to deal with Windows based anymore...if nothing else for the patching.
I've not seen any official documentation that specifically calls out encryption of the vCenter (or View, for that matter) database. And, honestly, you're the first person I've heard of to ask for that. What would be the use case for this since vCenter doesn't contain any sensitive user data. Is this a case of perceived "security through obscurity" or something similar? Functionally, when talking about the vCSA, I'm not even sure how you could go about doing so. Even if you could, I can't imagine it would be a very good idea for a number of reasons.
I believe it is related to the STIG (SQL Server must employ cryptographic mechanisms preventing the unauthorized disclosure of information at rest. ). Since the VCDB contains information such as configurations, the security folks are asking about encrypting the data. They also asked about the View Events database which I believe I have them convinced not to worry about that information since it is just username and machine name...and is overwritten often. They asked about the View Composer DB as well, but they didn't seem too concerned about that after I convinced that the data there is also fairly volatile.
I have also told them that once we finish migrating this last environment to VCSAs, we will be using the internal Postgres DB and this encryption worry will not longer be a concern. I was just looking for some kind of documentation to fend things off until the end of the year when we are scheduled to move this last environment over to appliances.