Feature/Function | vSAN Encryption | VMcrypt Encryption |
Uses an external key-management server (KMS) | √ | √ |
Per-VM Encryption | X | √ |
Whole-datastore encryption | √ | X |
Data-at-rest encryption | √ | √ |
End-to-end encryption | X | √ |
VMs encrypted by | Placement on datastore | Storage Policy |
Encryption occurs* | After deduplication | Before deduplication |