Product : VMware, vSAN [SDS]/6.7 U3, Advanced
Feature : Data Encryption Options, Security, Data Services
Content Owner:  Herman Rutten
Summary
Hardware: N/A
Software: HyTrust DataControl (validated)
Details
Hardware: vSAN does no longer support self-encrypting drives (SEDs).

Software: vSAN supports native data-at-rest encryption of the vSAN datastore. When encryption is enabled, vSAN performs a rolling reformat of every disk group in the cluster. vSAN encryption requires a trusted connection between vCenter Server and a key management server (KMS). The KMS must support the Key Management Interoperability Protocol (KMIP) 1.1 standard. vSAN native data-at-rest encryption is only available in the Enterprise edition.

vSAN 6.7 encryption has been validated for the Federal Information Processing Standard (FIPS) 140-2 Level 1.

VMware has also validated the interoperability of HyTrust DataControl software encryption with its vSAN platform.