When transforming and operationalising a platform area as important as enterprise storage, there are numerous considerations for the enterprise.
The security of data is an obvious key concern. One vSAN feature, available since version 6.6, is data-at-rest encryption.

Recently, I have found myself discussing the use of vSAN encryption more and more with customers.
How does the software feature fit a use case? It is often compared with array-based encryption or VMware VM encryption functionality.
What is needed from an operational point of view? When can you make a change? What happens when a specific component fails or event occurs?
To aid some of the conversations, I have created a deep-dive mind map on the subject and a useful list of links for review.
- vSAN Encryption on Storage Hub
- Official KMS Support Check Guide
- VMware FIPS-140-2 statement
- Official FAQ
VMware Blog Content
- https://blogs.vmware.com/virtualblocks/2017/04/11/vsan-6-6-native-data-at-rest-encryption/
- https://blogs.vmware.com/virtualblocks/2018/08/06/kms-profile-addressing/
- https://blogs.vmware.com/virtualblocks/2018/07/13/understanding-ve-booting-w-vc-unavailable/