2018-05-04 02:39 PM
I understand aggregate level deduplication is not supported for volumes encrypted by NVE. Is anyone able to confirm whether or not this is being roadmapped in future releases of OnTap?
Solved! SEE THE SOLUTION
2018-05-08 10:08 AM - edited 2018-05-09 05:35 AM
As each volume encrypted with it's own key, the data is different on each volume. even when you do a vol clone you are required to split it and re-key the new volume.
As for enabling dedup on aggr with NVE volumes for the sake of the other volumes. i don't see this limitation anywhere being enforced. do you believe the case is different ?
2018-05-08 11:11 AM
Hi GidonMarcus, I recieve the error below upon enabling -cross-volume-inline-dedupe on volumes encrypted with NVE. OnTap 9.2P1
cluster::> vol eff mod -vserver xxxx -volume xxxx -cross-volume-inline-dedupe true
Error: command failed: Failed to modify efficiency configuration for volume "xxxx" of Vserver "xxxx": Cross volume deduplication cannot be enabled on encrypted volumes.
Also, with NVE I have not had per volume keys for vclones or new volumes, only 1 cluster-wide encryption key generated during onboard key-manager setup, and then encrypt existing volumes with "vol move start -encrypt-destination true".
2018-05-09 05:34 AM
For a moment i thought you are saying it's not possible to enable it on any vol in the aggr with NVE vol present (which i coulden't understand why)
i still don't think they can or should workaround that.
in NVE each volume is encrypted with it's own key and this key is stored in the CSP/KMIP (the key you generated for the cluster, is very likelly the key to protect the KMIP, this key can be changed without re-encrypting the data).
The volumes can be re-keyd with "volume encryption rekey start -vserver vs1 -volume vol1" or with another volume move , that does re-encrypt all the data (and recommended to do after a clone split).