vSAN skyline health alert "Dual encryption applied to VMs on vSAN"
search cancel

vSAN skyline health alert "Dual encryption applied to VMs on vSAN"

book

Article ID: 435624

calendar_today

Updated On:

Products

VMware vSAN

Issue/Introduction

Symptoms:

  • Following alarm is triggered in vSAN cluster "Dual encryption applied to VMs on vSAN" for one or more VM's in the vSAN cluster.
  • Navigate to the vSAN Cluster > Monitor > vSAN > Skyline health > Finding > Click on troubleshoot to identify the VM's.

 

Environment

VMware vSAN [ All Versions]

Cause

The condition is triggered by overlapping cryptographic configurations, specifically when a virtual machine utilizing a VM Encryption policy is placed on a vSAN datastore that already has vSAN Data-at-Rest Encryption enabled causing redundant hypervisor and datastore level cryptographic operations.

Resolution

If double-encryption is not explicitly required, remove the VM-level encryption to restore performance efficiency:

Option 1: If double-encryption is not explicitly required for compliance, remove the VM-level encryption:

  1. Power off the affected Virtual Machine.

  2. Right-click the VM and select VM Policies > Edit VM Storage Policies.

  3. Reassign the VM to a storage policy that does not have VM Encryption enabled (e.g., the default vSAN Storage Policy).

Option 2: If dual encryption is strictly required, silence the health check:

  1. In the vSphere Client, navigate to the "Dual encryption applied to VMs" finding in vSAN Skyline health section.

  2. Click Silence Alert to acknowledge and hide the warning.

Powered by Wolken Software