Start-VsanEncryptionConfiguration

This cmdlet starts an encryption configuration on a vSAN cluster.

Syntax

-Cluster  <Cluster[]>
[-AllowReducedRedundancy  <Boolean>]
[-EncryptionEnabled  <Boolean>]
[-EraseDisksBeforeUse  <Boolean>]
[-KeyProvider  <KmsCluster>]
[-Server  <VIServer[]>]
[CommonParameters]

Parameters

Required Parameter Name Type Position Features Description
required
Cluster
Cluster[] named
  • wildcards
  • pipeline
  • Specifies the vSAN cluster on which you want to start the encryption configuration of the vSAN objects.
    optional
    AllowReducedRedundancy
    Boolean named This optional parameter is applicable to specific vSAN cluster reconfigure operations that need to migrate data for changing the vSAN disk format across the cluster. When specified, the process might move less data to ensure storage object accessibility, and some objects might be kept at "reduced redundancy" state, which means at a higher risk in case of a hardware failure during the migration process. The default value is $false.
    optional
    EncryptionEnabled
    Boolean named Specifies whether you want to enable or disable the encryption.
    optional
    EraseDisksBeforeUse
    Boolean named Specifies whether the disk should be formatted when a normal disk is converted to an encrypted disk, it is claimed as encrypted disk, or it runs deep rekey. If the value of this parameter is $true, every sector on the disk is written with random data. Disk cleanup reduces the possibility of data leak and increases the potential intruder's cost to reveal sensitive data. Turn the disk cleanup on only when necessary, as it takes long time to finish. If the value of this parameter is $false, the disk will not be formatted.
    optional
    KeyProvider
    KmsCluster named
  • wildcards
  • Specifies the key provider you want to use for the encryption.
    optional
    Server
    VIServer[] named
  • wildcards
  • Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.

    -Cluster  <Cluster[]>
    [-AllowReducedRedundancy  <Boolean>]
    [-DeepRekey]
    [-Server  <VIServer[]>]
    [CommonParameters]

    Parameters

    Required Parameter Name Type Position Features Description
    required
    Cluster
    Cluster[] named
  • wildcards
  • pipeline
  • Specifies the vSAN cluster on which you want to start the encryption configuration of the vSAN objects.
    optional
    AllowReducedRedundancy
    Boolean named This optional parameter is applicable to specific vSAN cluster reconfigure operations that need to migrate data for changing the vSAN disk format across the cluster. When specified, the process might move less data to ensure storage object accessibility, and some objects might be kept at "reduced redundancy" state, which means at a higher risk in case of a hardware failure during the migration process. The default value is $false.
    optional
    DeepRekey
    SwitchParameter named Specifies that you want to perform a deep rekey operation. When a deep rekey operation runs, all disks are re-encrypted with new data encryption keys. The deep rekey operation takes long time to finish.
    optional
    Server
    VIServer[] named
  • wildcards
  • Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.

    -Cluster  <Cluster[]>
    [-AllowReducedRedundancy  <Boolean>]
    [-Server  <VIServer[]>]
    [-ShallowRekey]
    [CommonParameters]

    Parameters

    Required Parameter Name Type Position Features Description
    required
    Cluster
    Cluster[] named
  • wildcards
  • pipeline
  • Specifies the vSAN cluster on which you want to start the encryption configuration of the vSAN objects.
    optional
    AllowReducedRedundancy
    Boolean named This optional parameter is applicable to specific vSAN cluster reconfigure operations that need to migrate data for changing the vSAN disk format across the cluster. When specified, the process might move less data to ensure storage object accessibility, and some objects might be kept at "reduced redundancy" state, which means at a higher risk in case of a hardware failure during the migration process. The default value is $false.
    optional
    Server
    VIServer[] named
  • wildcards
  • Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.
    optional
    ShallowRekey
    SwitchParameter named
  • wildcards
  • Specifies that you want to perform a shallow rekey operation. When a shallow rekey operation runs, only the key encryption key (KEK) is changed and the data encryption keys (DEKs) are rewrapped with new key encryption keys.

    Output

    Examples


    Example 1

    Start-VsanEncryptionConfiguration -Cluster $vsanCluster -EncryptionEnabled $true -KeyProvider 'ThalesCluster'

    Enables the encryption on the $vsanCluster vSAN cluster with 'ThalesCluster' as the key provider.

    Example 2

    Start-VsanEncryptionConfiguration -Cluster $vsanCluster -EncryptionEnabled $false

    Disables the encryption on the $vsanCluster vSAN cluster.

    Example 3

    Start-VsanEncryptionConfiguration -Cluster $vsanCluster -DeepRekey

    Performs a deep rekey operation on all disks of the $vsanCluster vSAN cluster. All data on the disks is re-encrypted.

    Example 4

    Start-VsanEncryptionConfiguration -Cluster $vsanCluster -ShallowRekey

    Performs a shallow rekey operation on all disks of the $vsanCluster vSAN cluster. All data encryption keys are rewrapped with a new key encryption key. Data on the disks is not re-encrypted.

    Related Commands

    Feedback

    Was this page helpful?