VMware vSphere 8.x Advanced Design (VCAP-DCV Design) — Question 73

An architect is discussing the design of a vSphere solution with a customer. The following requirements have been defined for the solution:
The solution must provide data encryption at rest
The solution must provide the ability to reduce the amount of storage consumed from duplicate data
The solution must minimize the amount of resources consumed by the encryption process.
The architect has made a design decision that VM Encryption will be used to meet these requirements.
Which two implications should the architect include in the design in relation to this design decision? (Choose two.)

Answer options

• A. Encryption is a CPU-intensive feature. Resource Pools should be used to assign shares to the encrypted VMs.
• B. When data is encrypted by the storage device, the effectiveness of de-duplication on the storage will be unaffected.
• C. Encryption is a CPU-internsive feature. The ESXi hosts should use the AES-NI BIOS setting to improve the performace of encryption and reduce CPU utilization.
• D. Encryption is a memory-intensive feature. The ESXi hosts should use the AES-NI BIOS setting to improve the performance of encryption and reduce memory utilization.
• E. When data is encrypted by the ESXi host, the effectiveness of de-duplication on the storage may be reduced.

Correct answer: C, E

Explanation

Option C is correct because VM Encryption is indeed CPU-intensive, and enabling the AES-NI BIOS setting can optimize performance and alleviate CPU load. Option E is also correct since encryption at the ESXi host level can impair the effectiveness of de-duplication. Options A and D are incorrect as they misrepresent the resource utilization characteristics of encryption, and option B is incorrect because it does not accurately describe the impact of host-level encryption on de-duplication.