Name | Type | Description |
changing | xsd:boolean |
Whether encryption is still in the process of enabling or disabling.
When changing is true, encryption has not finished enabling or
disabling. changing becomes false once all hosts currently in
the cluster have adapted to the current setting of encryptionEnabled.
No guarantee can be made that all data will be encrypted
until changing is false and encryptionEnabled is true.
This value can be read, but should never be set by API callers
reconfiguring a cluster.
|
dekGenerationId | xsd:long |
DEK generation number of the vSAN cluster.
Do not set a generation number here when reconfiguring vSAN
encryption, because this field is created and managed automatically
by vSAN.
|
encryptionEnabled | xsd:boolean |
Is data encryption enabled on the cluster?
Enabling encryption on a cluster will proceed to encrypt all the hosts.
Progress can be tracked through the changing flag and the reconfigure
task.
Disabling encryption will expose all previously encrypted data in the
clear.
|
eraseDisksBeforeUse | xsd:boolean |
Whether disks should be wiped when a normal disk is converted to an
encrypted disk, a disk is claimed as an encrypted disk, or a disk
runs a deep rekey. If set to true, every sector on the disk will be written
with random data. Disk wipe significantly reduces the possibility
of a data leak and increases the attacker's cost to reveal sensitive
data. The disadvantage of disk wipe is that it takes a long time to
finish, so turn it on through the UI or API only when necessary. If not
set, the disk won't be wiped.
|
hostKeyId | xsd:string |
The Id of the host key used for host core dump encryption.
Do not set this value when reconfiguring vSAN encryption, because
the key will be created automatically from the key management server.
|
kekId | xsd:string |
The KEK Id of the KMS cluster to use.
Do not set a key Id here when reconfiguring vSAN encryption,
because the key will be created automatically from the key management server.
There is a rare use case for putting a valid key Id here, for example, when
restoring configuration for the cluster from existing running hosts.
|
kmsProviderId | KeyProviderId |
The Id of the KMS cluster to use for vSAN Encryption. Keys will be created on
and used from this KMS. This parameter is ignored if encryption is disabled.
It must be set to a valid KMS cluster ID if encryption is enabled.
When the vSAN cluster is already encrypted and a different value of
kmsProviderId is provided, the cluster will switch to the new KMS cluster
specified by the new kmsProviderId. A new KEK Id will also be created in the
new KMS cluster and a shallow rekey is performed to use the new KEK.
See kmipServers and
KmipClusterInfo
|
Properties inherited from DynamicData |
None |
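
The constraints in the table above, written as a pre-flight check for a proposed reconfigure spec plus a read-back test for the encrypted state. This is an added example and not part of the vSAN API reference: plain dicts stand in for the config object, kmsProviderId is treated as an opaque value, and the function names and the `restoring` flag are hypothetical.

```python
# Added example: plain dicts stand in for the config object (an assumption);
# keys are the property names from the table above.
MANAGED = ("changing", "dekGenerationId", "hostKeyId")  # created/managed by vSAN or the KMS


def lint_reconfigure_spec(spec, current=None, restoring=False):
    """Return (severity, message) findings for a proposed reconfigure spec.

    current   -- the cluster's present config, if known
    restoring -- hypothetical flag: caller is restoring config from running hosts
    """
    current = current or {}
    findings = []
    for name in MANAGED:
        if spec.get(name) is not None:
            findings.append(("error", f"{name} must not be set by API callers"))
    if spec.get("kekId") is not None and not restoring:
        findings.append(("error", "kekId set outside a configuration restore"))

    enabled = spec.get("encryptionEnabled")
    provider = spec.get("kmsProviderId")
    was_enabled = current.get("encryptionEnabled") is True
    if enabled:
        if not provider:
            findings.append(("error", "kmsProviderId is required when encryption is enabled"))
        elif was_enabled and provider != current.get("kmsProviderId"):
            findings.append(("warn", "KMS cluster switch: new KEK and shallow rekey"))
        if not spec.get("eraseDisksBeforeUse"):
            findings.append(("info", "eraseDisksBeforeUse is not true: disks will not be wiped"))
    else:
        if was_enabled and enabled is False:
            findings.append(("warn", "disabling exposes previously encrypted data in the clear"))
        if provider:
            findings.append(("info", "kmsProviderId is ignored while encryption is disabled"))
    return findings


def all_data_encrypted(state):
    """True only when encryptionEnabled is true AND changing is false."""
    return state.get("encryptionEnabled") is True and state.get("changing") is False


if __name__ == "__main__":
    # Constructed sample values, not taken from a real cluster.
    current = {"encryptionEnabled": True, "kmsProviderId": "kms-a", "changing": False}
    spec = {"encryptionEnabled": True, "kmsProviderId": "kms-b", "dekGenerationId": 3}
    for severity, message in lint_reconfigure_spec(spec, current):
        print(f"{severity}: {message}")
    print("all data encrypted:", all_data_encrypted(current))
```

A missing `changing` value is treated as "not yet guaranteed", so `all_data_encrypted` fails closed when the state was only partially read.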