vSAN1

 View Only
  • 1.  Impact of VSan Data-At-Rest Encryption

    Posted Sep 13, 2022 09:31 PM

    First time implementing Data-At-Rest encryption and was curious about a couple of things.

    Would utilizing vSAN encryption-at-rest impact any of the following:

    • Losing a host
      • Maintenance
      • Failure
    • Shutdown procedures
    • Power on procedures
      • After clean shutdown
      • After a failure shutdown, such as a power outage
    • VxRail Upgrades

    Basically would having it enabled change anything about the normal processes above?  Thanks.



  • 2.  RE: Impact of VSan Data-At-Rest Encryption

    Posted Sep 19, 2022 04:34 PM

     , I can't really think of any aspect of DaR encryption that would impact/change any of the things you mentioned - what this feature basically does is establishes an encrypted connection between the nodes and based off their SSL certs (e.g. to confirm they are who they say they are vs the thumbprint info stored in the vSAN unicastagent list stored on each node), it doesn't utilise a KMS or anything like that so it really doesn't have many dependencies (other than cert info on nodes when updated getting refreshed on all nodes unicastagent lists).