#StorageMinute – vSAN Data Encryption and Performance

Welcome back to the #StorageMinute series, where you can depend on learning impactful facts about storage in one to two minutes. In a digital age, the rise of hackers and cybercriminals is constantly working to find new ways to exploit personal and confidential data. Data security is critical to public and private sectors organization. Administrators must secure data, and one way this is achieved is through data encryption. vSAN encryptions services encrypt everything in the vSAN datastore. All data is encrypted, so all virtual machines and their corresponding data are protected.

For vSAN environments, enabling encryption services is relatively easy, but a common question often arises. How does each work? And do they affect the performance of  vSAN clusters? Tune in to this episode of Storage Minute on vSAN data encryption and performance to learn. There are two types of optional cluster services:

  • vSAN Data-at-rest: This service encrypts data as it’s written to the storage device. When data is destaged, data-at-rest encryption decrypts and then re-encrypts the data when it arrives at the capacity tier. 
  • vSAN Data-in-transit: In-transit encryption secures data as it travels between hosts through host uplinks. Before its flight, data is encrypted. Once it arrives at its destination, it is decrypted by the new host. 

You can opt to use these two services together or independently to create a fully encrypted environment. You can rest assured that your data is fully secure from the storage and caching tiers and to the network. 

Data security is vital, but teams may be reluctant to make that tradeoff if it comes at the expense of performance. Understanding what to look for and factors that influence that answer check out  Tech Zone’s comprehensive blog about vSAN data encryption services and their relationship to cluster performance for more information. 

Tune in next time to  #StorageMinute for more great, quick tips.