You can enable encryption when you configure a new vSAN cluster.
- Required privileges:
- You must have set up a KMS cluster and established a trusted connection between vCenter Server and the KMS.
- Navigate to an existing cluster.
- Click the Configure tab.
- Under vSAN, select Services and click the Encryption Edit button.
- On the vSAN Services dialog, enable Encryption, and select a KMS cluster.
Note: Make sure the Erase disks before use check box is deselected, unless you want to wipe existing data from the storage devices as they are encrypted.
- Complete your cluster configuration.
Encryption of data at rest is enabled on the vSAN cluster. vSAN encrypts all data added to the vSAN datastore.