You're giving me hell here
We're trying to stop you wasting time on things that are inconsequential when you have much bigger problems that you have ignored. And this is a variation on the XY Problem.
You have asked a question, we have answered it, but unfortunately it isn't the answer you want to hear.
Disk encryption will only be of any use if the disk/machine is off/physically stolen. You have much bigger issues to address.
Sensitive mails directed to other organizations within our WAN are encrypted by default anyways.
But are you confusing a secure connection with an encrypted email? They are not the same thing. If a hacker gets into your server can they cd to the mail store and read mails?
So you use PGP internally then? You don't cache any unencrypted mails in your mail program on your client computers like laptops & desktops (eg Thunderbird has Message Synchronisation set to off etc) or you exclusively use webmail? And all of your client desktops have disk encryption enabled? If so that's good......
1) judicially it will also trim the financial damage in case one is sued for data leaks (GDPR)
You are going to get your butt spanked far more quickly if you don't fix some of your other issues. Disk encryption is so low down your list of potential GDPR fails you can essentially forget it right now. (I also fall under GDPR - Disk encryption doesn't lose me any sleep)
2) data end up in cluster storage, so another compromised VM might be able to access and control the hypervisor and/or view data for the SME VM directly
Protection is ONLY true if the SME VM is stopped, but as it is a server I guess it will be running pretty well 24/7 ? So 99.999999999% of the time your disk encryption is useless. Prioritise.
But I don't have time to do all the things that must be done, so I'm heavily cutting corners.
XY Problem in the making then. Disk encryption is NOT your solution. Careful planning is - you have already delayed upgrades far too long. Migrating immediately is your top priority. Implementing something you don't really understand will not help. Cutting corners will just make everything a whole lot worse.
That's pitiful being said from me considering my statements about me valuing security etc etc
Exactly. The core of the problem. So stop RIGHT NOW. Focus your time on the essentials. Stop wasting it on trivia.
With all those said though, you've still not told me how to enable encryption during setup on SME Any information will be appreciated.
Well, you are wasting valuable time on this and not the important stuff like getting upgraded.
First - it may be easier to to use the hypervisor for encryption of the VM. Please have a read online about it.
Next - why haven't you tried the v10 installer yet? Look under Installation Destination. Look in the Partitioner. However, I am not sure whether this actually works with v10..... You will have to test it and see. Note you will also need to insert the password for every boot......
An alternative is to install a CentOS 7 minimal, sort out the encryption, and then use
https://wiki.koozali.org/Centos2smeOr another is install, and then create an encrypted volume and mount it in the place of a ibay, and or user directories/mail stores
Whatever you do, be careful. You can just as easily lose your data or prevent user access if you get things wrong.
I'd really spend some time looking at the different methods of encryption and understand them and the pros and cons.
Then run a proper risk assessment of all your systems and carefully weigh up the real dangers, because currently you seem to have your priorities a little skewed.
I'm not trying to be unkind but to try and get you to realise you have far bigger headaches to fix NOW than messing with disk encryption.