BlueXP Services

NetApp Steelstore, where's the cloud encryption key file path?

goslackware
1,959 Views

Got a NetApp Steelstore that doesn't boot up all the way anymore, but gets a raid error during bootup.

 

The fed gov client still needs to access their historical backups in AWS S3 Glacier.

 

AWS S3 shows folders (00,0A,.....,FF), which I believe is called "slab" format, and I believe is encrypted.

I figure that I can setup an AltaVault, at least for eval mode, but no one has a copy of the netapp steelstore config or S3 private encryption key.

 

As a test, I booted from a linux USB drive and I can see the "boot" drive of the steelstore.  Is the encryption key located on the boot drive?  Or is it on the raid?  Anyone know the path or way to access the private key?

 

1 REPLY 1

crosson
1,901 Views

I suggest opening a support case for assistance with the RAID error as your best bet to see if SS can be recovered.

Also have customer search for their exported config file or encryption key.  They must have that.

The encryption key is a file like:   megastore_key.bin
The exported configuration  is something like:  'altavault_config_ava400-rtp-2_20200709-092808.tgz'
​where the hostname  isembedded in the file name .  so in this case it would be there steelstore hostname.
 

FYI - If a support case is needed, time is short:  

SteelStore Support:  EoS is Aug 31, 2020 https://mysupport.netapp.com/info/communications/ECMP12486700.html

One time support entitlements can be purchased from NetApp if needed.

 

That said, Support cannot recover the cloud encryption key.     

The customer  must save and export the configuration off of the SteelStore to a safe location in case a DR situation is needed.

Without this key, the cloud data cannot be accessed, as it is deduplicated  and then encrypted by the SS, before sending to the cloud.  All of the cloud data will be deduplicated and encrypted, and only accessible by the SS itself.  The  cloud encryption key is vital to access the cloud data.

SteelStore Documentation:  https://mysupport.netapp.com/documentation/docweb/index.html?productID=62263&language=en-US

NetApp SteelStore Cloud Integrated Storage 3.2.3 PDF - User's Guide

Page 33:  "Store the encryption key in a secure location.  You cannot retrieve your data without this key."

Page 34:   "Click Export Configuration Wizard to download your configuration to your computer and save it for later use.

Downloading your configuration and saving it is very important because it safely stores the encryption key, which is crucial for disaster recovery.  Without this configuration, you cannot recover your data after you perform disaster recovery."

Page 57:   If they used a PassPhrase  they will need to know that also.  The Passphrase encrypts the encryption key itself.

- The doc steps through the process to Import the saved Configuration.   

If no config file is available, you can manually configure the SteelStore or AVA, and paste the encryption key into the SteelStore GUI in the Cloud Settings page.

 

Hope this is helpful.

Regards,

David Crosson

Escalation Support Engineer - DP/Trident

NetApp, Inc

 

 

Public