For more than a few IT shops, data-at-rest encryption is mandatory for many of their workloads. It’s one of those things that just isn’t up for discussion.
While VSAN currently supports hardware encryption that’s largely transparent to VSAN (or anything else that uses an internal storage device), many customers have expressed a desire for a more fully featured solution that encrypts at the VM level, has sophisticated key management and policies, and can protect a VM wherever it happens to go.
To meet that need for sophisticated functionality, we’ve been partnering with HyTrust for a while. The product strikes me as a unique combination of simplicity and power — just like VSAN.
Cormac Hogan just posted a nice walk-through showing how easy it is to set up. A while back, Rawlinson Rivera also did a nice write-up.
Bottom line: if you’re looking at software-defined encryption to go with your software-defined data center, you should take a moment to understand what HyTrust can offer.