Enable AES Native Instructions (AESNI) in BIOS for vSAN Encryption
Article ID: 326495
Updated On:
Products
VMware vSAN
Issue/Introduction
The purpose of this article is to enable AESNI to speedup encryption and decryption and reduce CPU and power usage when encryption is enabled.
Symptoms:
If Advanced Encryption Standard-New Instructions(AES-NI) is not enabled in BIOS, vSAN Encryption (as well as virtual machine encryption) cannot use hardware acceleration to encrypt and decrypt data. Therefore, dramatic CPU utilization increases can be observed when encryption is enabled. The vSAN Health UI also detects and reports that AESNI is not enabled.
Symptoms:
If Advanced Encryption Standard-New Instructions(AES-NI) is not enabled in BIOS, vSAN Encryption (as well as virtual machine encryption) cannot use hardware acceleration to encrypt and decrypt data. Therefore, dramatic CPU utilization increases can be observed when encryption is enabled. The vSAN Health UI also detects and reports that AESNI is not enabled.
Cause
If AESNI is not enabled in BIOS, the encryption library in ESXi kernel cannot use hardware acceleration to speedup encryption and decryption.
Resolution
To workaround this issue, enters the BIOS menu when the host boots and enable AESNI.
Note: By default, most modern machines have AESNI enabled. Some of the BIOS do have the options to enable AESNI. When such option is not available in BIOS, it usually means that AESNI is always enabled.
Note: By default, most modern machines have AESNI enabled. Some of the BIOS do have the options to enable AESNI. When such option is not available in BIOS, it usually means that AESNI is always enabled.
Feedback
Yes
No
Powered by
