Configuring Header and Data Digest
Two advanced options are available for an iSCSI connection to provide additional security to the data connection between the VMware ESXi host and the SAN or NAS storage. Header and digest integrity checks do what one might expect: they verify the integrity of the packet header or data by using a checksum operation. The digest checksum requires compute cycles to complete and will adversely affect performance of the host. The only exception to this performance issue is the use of Intel Nehalem processors, which provide additional capabilities to offload the digest calculations and reduce the performance impact to the host system.
Header and Data Digest are not widely used in production systems due to the performance impact weighed against the gain in security provided by the integrity check method. There is no need for this type of integrity check; however, the use of this level of security should correspond to a condition called out in risk assessment or...
