vSAN Encryption KMS info retrieval

A few years ago I wrote a blog post about “Replacing vCenter with vSAN Encryption Enabled“. For this particular exercise, one key piece of information needed to be retrieved was the kmipClusterId. A couple of things have changed since then, in newer version of vSAN. Change #1: ESXCLI commands An easier way to retrieve this … Continue reading vSAN Encryption KMS info retrieval

What’s new on vSAN Encryption 6.7 U1?

I’ve written a few blog posts in the past about vSAN Data at Rest Encryption (D@RE). These posts explain how encryption works, and how the keys are handed over to vSphere. Go here for more info. For vSAN D@RE to work properly, ESXi hosts need to be able to reach the KMS cluster during reboot operations. … Continue reading What’s new on vSAN Encryption 6.7 U1?

Considerations when Enabling vSAN Encryption

In previous posts, I talked about vSAN Encryption architecture, and how to enable such feature. However, there are a couple of considerations aside from the requirements that should be taken into account prior to enabling vSAN Encryption. BIOS Settings: With most deployments, whether it is vSphere, or vSAN; I’ve noticed that BIOS settings are often … Continue reading Considerations when Enabling vSAN Encryption

Replacing vCenter with vSAN Encryption Enabled

In my previous post, I talked about vSAN Encryption configuration, and key re-generation among other topics. On that post you can see that there is a trust relationship amongst the vCenter and KMS server/cluster. But what happens if my vCenter dies, gets corrupted, or I simply want to build a new vCenter and migrate my … Continue reading Replacing vCenter with vSAN Encryption Enabled