I’ve written a few blog posts in the past about vSAN Data at Rest Encryption (D@RE). These posts explain how encryption works, and how the keys are handed over to vSphere. Go here for more info. For vSAN D@RE to work properly, ESXi hosts need to be able to reach the KMS cluster during reboot operations. … Continue reading What’s new on vSAN Encryption 6.7 U1?
In previous posts, I talked about vSAN Encryption architecture, and how to enable such feature. However, there are a couple of considerations aside from the requirements that should be taken into account prior to enabling vSAN Encryption. BIOS Settings: With most deployments, whether it is vSphere, or vSAN; I’ve noticed that BIOS settings are often … Continue reading Considerations when Enabling vSAN Encryption
In my previous post, I talked about vSAN Encryption configuration, and key re-generation among other topics. On that post you can see that there is a trust relationship amongst the vCenter and KMS server/cluster. But what happens if my vCenter dies, gets corrupted, or I simply want to build a new vCenter and migrate my … Continue reading Replacing vCenter with vSAN Encryption Enabled
New on vSAN 6.6, vSAN native encryption for data at rest is now available. This feature does not require self-encrypting drives (SEDs). Encryption is supported on both all-flash and hybrid configurations of vSAN, and it is done at the datastore level. It is important to note that data is encrypted during the de-staging process, which … Continue reading vSAN 6.6 Encryption Configuration
Today, one of the largest vSAN releases was announced. This release comes packed with new features, enhancements, and a lot of improvements; making vSAN 6.6 easier to deploy with enhanced performance, and a more complete HCI platform. What’s New with vSAN 6.6? Native Encryption Encryption is one of the main features for this release. This … Continue reading What’s new on vSAN 6.6