An administrator wants to enable encryption on an existing vSAN cluster that already contains virtual machines. Which additional step should the administrator take to ensure no data is lost during the encryption process?
A. Select 'Erase disks before use' check box when enabling encryption on a vSAN cluster.
B. Make vCenter Server trust the KMS, either by trusting the KMS or by uploading a KMS certificate.
C. Ensure that the vSAN Encryption is enabled by default on the existing cluster to encrypt old and new data.
D. Disable vSphere Distributed Resource Scheduler (DRS) on the vSAN cluster.
I'm going with A. I don't like this question at all. None of them really have anything to do with data not being lost, but ideally you want to wipe the disk if you're encrypting it so that all old data is also encrypted (otherwise, only new data will be encrypted).
Answer: A
Recommendations for “Erase disks before use” when using vSAN Encryption are:
Select “Erase disks before use”:
- When enabling vSAN Encryption for existing vSAN clusters that have vSAN objects on them
- When adding a host that has data on local devices to an encrypted vSAN cluster
- When performing a rekey operation to invoke a deep rekey (requesting a new KEK and new unique DEKs created for each vSAN storage device)
https://blogs.vmware.com/virtualblocks/2018/07/16/ve-erase-disks-before-use/
In the blogs, you can see:
What occurs when “Erase disks before use” is used?
First, it is important to understand that this does not destroy active data.
B I would choose. This is a really dumb question and not clear at all. A will definitely erase all your VM objects and hence lose data and kiss all your workload VMs goodbye; the answer would be A if it said de-select!! B really doesn't have anything to do with protecting data from loss, as it is the steps for setting up the encryption. C and D are just wrong, and hence I'm left with no choice but to choose B. Below is all you need to know about vSAN Encryption, and it speaks of data erase:
https://core.vmware.com/resource/vsan-encryption-services#sec7014-sub5
If you answer B, that is a step for enabling the feature; the encryption requires that the disk group will be reformatted. So data is lost anyway. You could only deselect "Wipe residual Data" and Allow Reduced Redundancy. Answer A could be the result for the encryption process. But that question does not ask for starting encryption at all.
Lazylinux (Highly Voted), 3 years, 4 months ago
jsi928 (Most Recent), 1 year, 9 months ago
tayab, 2 years, 4 months ago
GodMan114, 2 years, 5 months ago
FISJAC, 2 years, 7 months ago
FISJAC, 2 years, 7 months ago
Lazylinux, 3 years, 4 months ago
MosabSh, 3 years, 4 months ago
DSITTA, 3 years, 6 months ago
glannoy2, 3 years, 7 months ago