vSAN must reserve space to complete internal maintenance operations.

vSAN Operations Reserve capacity setting helps ensure that vSAN always has sufficient free space to maintain the availability and reliability of the vSAN datastore and prevent potential data loss or service disruptions due to insufficient capacity during operations like policy changes.

This configuration parameter can be altered while the cluster is operational.

NFS file shares on vSAN File Services must be configured to restrict access.

When configuring an NFS file share the "Customize net access" option should be selected with a restrictive set of permissions configured.

SMB file shares on vSAN File Services must accept only encrypted SMB authentication communications.

When configuring an SMB file share the Protocol Encryption option must be enabled.