#StorageMinute: vSAN Encryption and Key Rotation

#StorageMinute: vSAN Encryption and Key Rotation


Welcome to the VMware Storage Minute Series. In this video we’re going to take a look at
how easy it is to re-key a vSAN cluster that has encryption enabled. vSAN makes the process of Key Rotation very
simple. Simply click generate new encryption keys
in the vSAN configuration interface. A shallow re-key is created by clicking generate. This process requests a new key encryption
key from the configure key management server. This is a quick process that takes only a
few seconds. A deep re-key is performed by clicking generate
and then also choosing to re-encryption all data on the storage using the new keys. The process requests the new key encryption
key as well as performs a rolling disk group of evacuation and generation of a new data
encryption key. VMware recommends a key rotation strategy
that aligns with your business security practices. Rest assured though, that VMware’s FIPS 140-2
validated encryption will keep your data safely encrypted. For more information click the link below.

Leave a Reply

Your email address will not be published. Required fields are marked *