In vSAN 6.6, encryption is a new datastore level setting. vSAN Encryption is a datastore, or cluster-wide, level setting applied to all VM components in the cluster. This feature solves the concern of media theft. An advantage of the cluster wide setting is that deduplication and compression are applied prior to the encryption. This provides space savings benefit over the vSphere 6.5 Encryption option. Like vSphere Encryption, a KMIP-compliant Key Management Server like CloudLink or Hytrust must be used in conjunction with vSAN Encryption. vSAN encryption is FIPS 140-2 Level 1, AES 256 compliant.