Data-in-transit encryption - Configuration check for vSAN

Article ID: 315521

Products

VMware vSAN

Issue/Introduction

This article explains the vSAN data-in-transit encryption configuration health check in the vSAN Health/Skyline Health UI and provides details on why it reports an issue.

Environment

VMware vSAN 7.0.x

Resolution

Q: What does this health check do?

A: This health check verifies that data-in-transit encryption is configured properly for the cluster. It runs only when data-in-transit encryption is enabled on the cluster.

Q: What does it mean if it shows an error state?

A: When data-in-transit encryption is enabled on a cluster, every host must have data-in-transit encryption enabled, return a normal state to the health check, and use a rekey interval consistent with the current cluster setting. Otherwise, the network traffic in this cluster may not be properly encrypted. A failed health check means that at least one host has a configuration that is inconsistent with the cluster-level data-in-transit encryption configuration. Details of the specific issue(s) triggering the health alert are displayed in the result table of this health check.

Q: How do I fix the error state?

A: Follow the instructions in the Recommendation column.
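
The per-host conditions described above can also be checked offline against an exported inventory. The following is an added example, not VMware code and not the vSAN API: the `HostDit` record, its field names, the host names and the rekey values are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class HostDit:
    """Hypothetical per-host record; field names are assumptions, not vSAN API names."""
    name: str
    enabled: bool        # data-in-transit encryption enabled on this host
    state: str           # state the host returns to the check, "normal" when healthy
    rekey_interval: int  # same unit as the cluster setting


def check_dit_config(cluster_enabled, cluster_rekey_interval, hosts):
    """Return (status, findings); status is 'skipped', 'ok' or 'error'."""
    # The check only runs when encryption is enabled at cluster level.
    if not cluster_enabled:
        return "skipped", []
    findings = []
    for h in hosts:
        if not h.enabled:
            findings.append((h.name, "data-in-transit encryption not enabled"))
            continue  # state and rekey interval are moot on a disabled host
        if h.state != "normal":
            findings.append((h.name, f"host state is '{h.state}', expected 'normal'"))
        if h.rekey_interval != cluster_rekey_interval:
            findings.append((h.name,
                             f"rekey interval {h.rekey_interval} differs from "
                             f"cluster setting {cluster_rekey_interval}"))
    return ("error" if findings else "ok"), findings


# Constructed sample inventory (not real hosts).
SAMPLE_HOSTS = [
    HostDit("esx-01", True, "normal", 1440),
    HostDit("esx-02", True, "normal", 720),    # rekey interval drifted
    HostDit("esx-03", False, "normal", 1440),  # encryption off on host
    HostDit("esx-04", True, "error", 1440),    # abnormal state
]

if __name__ == "__main__":
    status, findings = check_dit_config(True, 1440, SAMPLE_HOSTS)
    print(status)
    for host, issue in findings:
        print(f"  {host}: {issue}")
```

Any finding on any host puts the whole check in the error state, mirroring the rule that all hosts must match the cluster-level configuration.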