This cmdlet starts an encryption configuration on a vSAN cluster.The encryption configuration includes the following actions: - Activate or deactivate the encryption- Change the key provider- Perform a deep rekey- Perform a shallow rekey
Syntax
Start-VsanEncryptionConfiguration
-Cluster
< Cluster[] >
[-AllowReducedRedundancy
< Boolean > ]
[-DeepRekey
]
[-ProgressAction
< ActionPreference > ]
[-Server
< VIServer[] > ]
[CommonParameters]
Parameters
Required
Parameter Name
Type
Position
Features
Description
required
Cluster
Cluster[]
named
pipeline
wildcards
Specifies the vSAN cluster on which you want to start the encryption configuration of the vSAN objects.
optional
AllowReducedRedundancy
Boolean
named
This optional parameter is applicable to specific vSAN cluster reconfigure operations that need to migrate data for changing the vSAN disk format across the cluster. When specified, the process might move less data to ensure storage object accessibility, and some objects might be kept at "reduced redundancy" state, which means at a higher risk in case of a hardware failure during the migration process. The default value is $false.
optional
DeepRekey
SwitchParameter
named
Specifies that you want to perform a deep rekey operation. When a deep rekey operation runs, all disks are re-encrypted with new data encryption keys. The deep rekey operation takes long time to finish.
optional
ProgressAction
ActionPreference
named
optional
Server
VIServer[]
named
wildcards
Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.
Start-VsanEncryptionConfiguration
-Cluster
< Cluster[] >
[-AllowReducedRedundancy
< Boolean > ]
[-EncryptionEnabled
< Boolean > ]
[-EraseDisksBeforeUse
< Boolean > ]
[-KeyProvider
< KeyProvider > ]
[-ProgressAction
< ActionPreference > ]
[-Server
< VIServer[] > ]
[CommonParameters]
Parameters
Required
Parameter Name
Type
Position
Features
Description
required
Cluster
Cluster[]
named
pipeline
wildcards
Specifies the vSAN cluster on which you want to start the encryption configuration of the vSAN objects.
optional
AllowReducedRedundancy
Boolean
named
This optional parameter is applicable to specific vSAN cluster reconfigure operations that need to migrate data for changing the vSAN disk format across the cluster. When specified, the process might move less data to ensure storage object accessibility, and some objects might be kept at "reduced redundancy" state, which means at a higher risk in case of a hardware failure during the migration process. The default value is $false.
optional
EncryptionEnabled
Boolean
named
Specifies whether you want to activate or deactivate the encryption.
optional
EraseDisksBeforeUse
Boolean
named
Specifies whether the disk should be formatted when a normal disk is converted to an encrypted disk, it is claimed as encrypted disk, or it runs deep rekey. If the value of this parameter is $true, every sector on the disk is written with random data. Disk cleanup reduces the possibility of data leak and increases the potential intruder's cost to reveal sensitive data. Turn the disk cleanup on only when necessary, as it takes long time to finish. If the value of this parameter is $false, the disk will not be formatted.
optional
KeyProvider
KeyProvider
named
wildcards
Specifies the key provider you want to use for the encryption.
optional
ProgressAction
ActionPreference
named
optional
Server
VIServer[]
named
wildcards
Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.
Start-VsanEncryptionConfiguration
-Cluster
< Cluster[] >
[-AllowReducedRedundancy
< Boolean > ]
[-ProgressAction
< ActionPreference > ]
[-Server
< VIServer[] > ]
[-ShallowRekey
]
[CommonParameters]
Parameters
Required
Parameter Name
Type
Position
Features
Description
required
Cluster
Cluster[]
named
pipeline
wildcards
Specifies the vSAN cluster on which you want to start the encryption configuration of the vSAN objects.
optional
AllowReducedRedundancy
Boolean
named
This optional parameter is applicable to specific vSAN cluster reconfigure operations that need to migrate data for changing the vSAN disk format across the cluster. When specified, the process might move less data to ensure storage object accessibility, and some objects might be kept at "reduced redundancy" state, which means at a higher risk in case of a hardware failure during the migration process. The default value is $false.
optional
ProgressAction
ActionPreference
named
optional
Server
VIServer[]
named
wildcards
Specifies the vCenter Server systems on which you want to run the cmdlet. If no value is provided or $null value is passed to this parameter, the command runs on the default servers. For more information about default servers, see the description of the Connect-VIServer cmdlet.
optional
ShallowRekey
SwitchParameter
named
wildcards
Specifies that you want to perform a shallow rekey operation. When a shallow rekey operation runs, only the key encryption key (KEK) is changed and the data encryption keys (DEKs) are rewrapped with new key encryption keys.
Performs a shallow rekey operation on all disks of the $vsanCluster vSAN cluster. All data encryption keys are rewrapped with a new key encryption key. Data on the disks is not re-encrypted.
