vSphere 6.5 introduces a feature called vSphere VM encryption. When this feature is enabled for a VM, vSphere protects the VM data by encrypting all its contents. Encryption is done both for already existing data and for newly written data. Whenever the VM data is read, it is decrypted within ESXi before being served to the VM. Because of this, vSphere VM encryption can have a performance impact on application I/O and the ESXi host CPU usage.
We have published a whitepaper, VMware vSphere Virtual Machine Encryption Performance, to quantify this performance impact. We focus on synthetic I/O performance on VMs, as well as VM provisioning operations like clone, snapshot creation, and power on. From analysis of our experiment results, we see that while VM encryption consumes more CPU resources for encryption and decryption, its impact on I/O performance is minimal when using enterprise-class SSD or VMware vSAN storage. However, when using ultra-high performance storage like locally attached NVMe drives capable of handling up to 750,000 IOPS, the minor increase in per-I/O latency due to encryption or decryption adds up quickly to have an impact on IOPS.
For more detailed information and data, please refer to the whitepaper