Operational Defect Database
BugZero updated this defect 48 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
VMware | 52083
Enable AES Native Instructions (AESNI) in BIOS for vSAN Encryption
Last update date:
4/1/2024
Affected products:
vSAN
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Symptoms
If Advanced Encryption Standard-New Instructions(AES-NI) is not enabled in BIOS, vSAN Encryption (as well as virtual machine encryption) cannot use hardware acceleration to encrypt and decrypt data. Therefore, dramatic CPU utilization increases can be observed when encryption is enabled. The vSAN Health UI also detects and reports that AESNI is not enabled.
Purpose
The purpose of this article is to enable AESNI to speedup encryption and decryption and reduce CPU and power usage when encryption is enabled.
Cause
If AESNI is not enabled in BIOS, the encryption library in ESXi kernel cannot use hardware acceleration to speedup encryption and decryption.
Resolution
To workaround this issue, enters the BIOS menu when the host boots and enable AESNI.Note: By default, most modern machines have AESNI enabled. Some of the BIOS do have the options to enable AESNI. When such option is not available in BIOS, it usually means that AESNI is always enabled.
