Have a Nutanix cluster using Vormetric Key Management and SEDs.
The test is to disconnect the key managers from the network - and do a power off reboot to a Nutanix Node.
We expected the machine to come up with ESXi from the SATADOM boot - but there was a CVM also loaded. All of the cluster services were down and the node wasn't functional - but we were surprised to see the CVM had started.
Is this expected behavior? Our understanding was that the CVM was stored on the drives (which should have been locked) or did we just see the SVMBOOT portion of the CVM and it wasn't really all there?
Thanks for any feedback.
Best answer by bezeddin
So whenever KMIP is disconnected from the box, the CVM will always be able to start.
Communication between ESXi and the CVM boot partition is not encrypted.
Data is only encrypted when it touches the SED drives.
You can try by unmounting the SED drives and mounting them on another system.