Data at rest full-disk encryption (FDE) protects data on the physical hard drives in case the drives are compromised. The disks are only readable with the appropriate encryption key.
In VMware SQL with MySQL for Tanzu Application Service, data at rest full-disk encryption is implemented at the IaaS level.
Once a disk is mounted and used, it is readable from the system on which it is mounted. Consequently, FDE does not offer protection against an attack on a running server after the disk has been mounted.
Data at rest FDE is supported by the popular IaaS providers. FDE is enabled on all disks used by the IaaS.
The process is IaaS-specific. For information about enabling FDE for each IaaS, see the Ops Manager documentation.