Can I Turn Off storage vMotion encryption for encrypted virtual machines?
For disks that are not encrypted, Storage vMotion encryption is not supported. For virtual machines that are encrypted, migration with vSphere vMotion always uses encrypted vSphere vMotion. You cannot turn off encrypted vSphere vMotion for encrypted virtual machines.
What is the default vSphere vMotion State for non-encrypted virtual machines?
For virtual machines that are not encrypted, you can set encrypted vSphere vMotion to one of the following states. The default is Opportunistic. Do not use encrypted vSphere vMotion. Use encrypted vSphere vMotion if source and destination hosts support it. Only ESXi versions 6.5 and later use encrypted vSphere vMotion.
How to encrypt a virtual machine (VM)?
Through the VM hardware option in the vSphere client, simply select a VM and then go to Edit settings > VM Options > Encryption. You can also apply vMotion encryption on per-VM level. When migrating a VM using vMotion, vCenter server generates a random 256-bit key (yet uses no KMS for this process).
Why can’t I migrate with vSphere vMotion?
If the source or destination host does not support encrypted vSphere vMotion, migration with vSphere vMotion is not allowed. When you encrypt a virtual machine, the virtual machine keeps a record of the current encrypted vSphere vMotion setting.