vSAN Encryption Information#
You can confirm that the vSAN has encryption enabled by navigating to Nodes> Node 1> Drives and then double-clicking on the first drive in the list. There is a checkbox for encryption. If it is encrypted, it will be checked.
-
Encryption for the vSAN is configured during the initial installation only.
-
System startup on an encrypted system can be configured two different ways:
- The most common method is by having encryption keys written to a USB drive during the initial installation. In this scenario, these drives are typically plugged into the first two nodes of an encrypted system to boot normally. All other nodes do not require them, as Node 1 and Node 2 are the controller nodes. The USB drive does not require much storage at all, less than 1GB.
- If the controller nodes do not have USB encryption keys connected, the system will prompt an operator to type the proper encryption password to complete the power-up process.
- Default encryption is set for all snapshot synchronizations through a site-sync.
Information about encrypting a Site Synchronization can be found in the Product Guide
Document Information
- Last Updated: 2024-09-03
- VergeOS Version: 4.12.6