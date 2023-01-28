

vSAN encryption is a native HCI encryption solution built into the vSAN layer. vSAN encryption supports the following features:

Data-at-Rest encryption at datastore-level.

Data-in-Transit encryption at network-level.

Configuration at the cluster level.

Hybrid and All-Flash vSAN clusters.

Now we will enable vSAN encryption with the vSphere Native Key Provider.

Go to Key Providers on the Configure tab, click Add, and select “Add Native Key Provider”.

Remark: In vSphere 7.0 Update 2 and later, you can use the built-in vSphere Native Key Provider to enable encryption technologies.

Specify the name of the key provider, then click “Add Key Provider”.

Now we need to back up the encryption keys.

Select your key provider and click “Back Up”. The key file will be exported.

Select the “Protect Native Provider data with password (Recommended)” checkbox, specify the password, and click “Back Up Key Provider”.

Go to “Edit” on Data Services.

Enable “Data-At-Rest encryption” and select your key provider. Select the “Allow reduced redundancy” checkbox, then click “Apply”.

The Data-at-Rest encryption status now shows as enabled.

