VMware vSAN ESA was actually launched in vSAN 8 back in late 2022, you can read some details here. 
Now with the addition of the Amazon i41 Metal instance type, vSAN ESA will be available in the VMware Cloud on AWS.
The i4i metal instance will be the only supported hardware to deploy a vSAN ESA Cluster on your VMC on AWS SDDC. However all cluster types will be supported-​

Since vSAN 8 ESA has been out for some time, there are a number of articles and blogs that go into the new architecture and features.
Some of the more interesting new features are:
-Lower CPU usage per IO
-ESA does not have Disk Groups, all the hosts disks will  be added to a Storage Pool, and all disks provide capacity and performance.  There is no dedicated caching disks.
-RAID-5 and RAID-6 at the performance of RAID-1
-Compression enabled by default, and 4x increased compression
-Component count per host limit is increased from 9,000 components to 27,000 components
​-support for 25GB network adapters
-Improved snapshot performance
-Data at Rest Encryption enabled
-Updated Skyline Health, based on the cluster health score
-For VMC on AWS SDDC's, different Storage Policies:
• 3-5 nodes uses RAID5/FTT = 1 for management and workload
• 6+ nodes uses RAID6/FTT = 2
For more details on the new features and architecture, check out the FAQ Page

As shown above, when running the esxcli vsan cluster get command on a host, it will show the vSAN ESA Enabled: True

Shown above, the esxcli vsan command lists the option to display the Storage Pool.

For VMC on AWS SDDC Clusters, the new Storage Policies can now provide RAID-5 FTT=1 on a 3 host cluster:

Skyline Health shows health score for the cluster, which allows you to view past health scores and select the details from the Health Findings:​

I am currently testing vSAN ESA for the VMC on AWS rollout, and I will add more details when it is released.

For more info you can watch the Virtually Speaking Podcast on vSAN 8 ESA.

Enjoy!!

I am excited to be part of the Meet the Experts panel for this VMUG Event!
Register for the event and hope to see you virtually there!
Meet the Experts
10:50 AM – 11:20 AM CT  Kubernetes for vSphere Administrators, Cormac Hogan, Director and Chief Technologist, Storage, VMware

12:35 PM – 01:05 PM CT  Implementing Tanzu in the Cloud, Kendrick Coleman, Sr. Manager, Tanzu Technical Marketing, VMware

01:35 PM – 02:05 PM CT  Upskill your IT Role to the Cloud, Mike Armstrong, Sr. Site Reliability Engineer, VMware

2:40 PM - 3:10 PM CT  Training & Certification, Damian Wraa, Director, Learning Delivery - AMER, VMware | James Robinson, Senior Staff Exam Development Manager, VMware

Reposted from February 2022
Congratulations on your vExpert Award!
I was very honored to receive another vExpert award this past year!  This made it 10 years in a row for me!!
One of the most useful perks for achieving the vExpert is given by Pluralsight   which offers a 1-year full access to its technology learning platform for vExperts and many other VIP programs.
If you are a vExpert, or other VIP, check out pluralsight.com/teach/resource/vips for details.
And congratulations to all of the 2022 vExperts!!

On my previous post, vTPM Support on vSphere Part 1, I outlined the steps to enable vTPM in a vShpere environment, to be able to support the installation of  Windows 11 virtual machines.
What does the giant cat picture above have to do with this?  Absolutely nothing!  In my free time I volunteering at a local cat sanctuary, and we are always posting silly cat pictures...Sorry....
​Anyway, back to the vTPM topic.
When you have the requirements set up, and your ESXi hosts are now in Encryption Mode, that means any core dumps and the vm-support files will be encrypted.
So on an ESXi host with encryption enabled you will get this when you run the log bundle collection with the vm-support command:

But not to worry, there are a number of good VMware documents explaining how to collect the vm-support bundles, and how to decrypt and re-encrypt them.
The VMware articles use the crypto-util utility.
Crypto-util can be launched from the root of an ESXi server, and is in /bin/crypto-util

When you run the crypto-util vm-support prolog command before vm-support, a file -vm-support-incident-key-
will appear at the top of the host support bundle.  The vm-support-incident-key file contains a the incident key which is dynamically generated each time vm-support runs, and crypto-util vm-support prolog is run before it. The incident key is encrypted/wrapped via the specified password.

Some details on the core dump files-
All encrypted core dump files include the key ID (keyID) of the key required for decryption. The keyID can be used to locate a key and its attributes from a Key Management Server (KMS), from the ESXi key cache, or from a key file.
zdump files:

• Unencrypted zdump files are the same as they always have been - A zdump header followed by data
• Encrypted zdump files contain a zdump header (with minimal information including that the core dump is encrypted), followed by an envelope header, and there the encrypted data begins. The encrypted data contains the "real" zdump header and data
• vmkdump_extract will recognize an encrypted zdump but is unable to manipulate it. It will, however, advise you as to how to decrypted the zdump

Monitor core dump files:

• Unencrypted monitor core dumps are placed in vmmcores.gz - a monitor core dump file that is compressed
• Encrypted monitor core dumps are placed in vmmcores.ve - a monitor core dump file which has been compressed and encrypted
  

I have run through the process of creating a vm-support log bundle, then using crypto-util. Not real fun, but following the steps and the VMware doc's was able to extract and get the password.

If you ever run into this I sure hope this will be helpful!