2017-05-03 09:46 AM
I'm trying to understand the exact support statements around SnapLock Enterprise and encryption.
1.) Is SnapLock Enterprise supported on a FAS system with NSE drives that are configured using either external or internal key management?
2.) Is SnapLock Enterprise supported on a FAS system with NetApp Volume Encryption?
I am pretty sure #2 is "no" but I'm trying to figure out if we encrypt at the hardware level, can we use SnapLock?
Solved! SEE THE SOLUTION
2017-05-03 12:00 PM - edited 2017-05-03 12:30 PM
SnapLock is supported with NSE as of ONTAP 9. For compliance environments that require SnapLock, such as those required to meet SEC 17a-4, NetApp recommends that you work with your accreditation body to understand how to properly protect keys and prevent cryptoshredding of data. NetApp makes no assertion that NSE with SnapLock can meet accreditation, because this process is specific to each customer.
VGE doesnt support the usage of SnapLock yet but is on the roadmap for future realeases of ONTAP.
OKM (Onboard Key management) Internal key management and SnapLock are a supported config.