Data ONTAP Discussions

Aggregate level dedupe with NVE

I understand aggregate level deduplication is not supported for volumes encrypted by NVE.  Is anyone able to confirm whether or not this is being roadmapped in future releases of OnTap?





Re: Aggregate level dedupe with NVE



As each volume encrypted with it's own key, the data is different on each volume. even when you do a vol clone you are required to split it and re-key the new volume.



As for enabling dedup on aggr with NVE volumes for the sake of the other volumes. i don't see this limitation anywhere being enforced. do you believe the case is different ?




Re: Aggregate level dedupe with NVE

Hi GidonMarcus, I recieve the error below upon enabling -cross-volume-inline-dedupe on volumes encrypted with NVE.  OnTap 9.2P1


cluster::> vol eff mod -vserver xxxx -volume xxxx -cross-volume-inline-dedupe true

Error: command failed: Failed to modify efficiency configuration for volume "xxxx" of Vserver "xxxx": Cross volume deduplication cannot be enabled on encrypted volumes.


Also, with NVE I have not had per volume keys for vclones or new volumes, only 1 cluster-wide encryption key generated during onboard key-manager setup, and then encrypt existing volumes with "vol move start -encrypt-destination true".




Re: Aggregate level dedupe with NVE



For a moment i thought you are saying it's not possible to enable it on any vol in the aggr with NVE vol present (which i coulden't understand why)

i still don't think they can or should workaround that.


in NVE each volume is encrypted with it's own key and this key is stored in the CSP/KMIP (the key you generated for the cluster, is very likelly the key to protect the KMIP, this key can be changed without re-encrypting the data).


The volumes can be re-keyd with "volume encryption rekey start -vserver vs1 -volume vol1" or with another volume move , that does re-encrypt all the data (and recommended to do after a clone split).




Re: Aggregate level dedupe with NVE

I understand now.  Thank you very much!