Disk Encryption - High Density Solution
2015-03-10 10:51 AM
Looking for input from the community.
Like many, I have a need to investigate a solution with data encryption at rest. Solution needs to scale to LOTS of data. Love my FAS systems, love my Clustered Data ONTAP - hate the available NSE options compared to alternate solutions.
Example - an E-Series 5600 could jam 2.3 PB in a rack with 6TB encrypted disks with 60 disk shelves. My current FAS is loaded with DS4486's x4TB for bulk storage - and 6TB disks are available but not encrypted, and even then the DS4486 shelf doesn't support encryption - have to drop to DS4246 shelves with at most a 4TB encrypted drive - seriously increases the footprint, the number of disks, and at scale the number or size (or both) of the controller to support all the disks, when neither IOPS nor capacity demand the controller count/size increases - just the encryption support. Similar limitations on disk support exist on the performance disk side of FAS shelves as well as compared to something like an E-Series. Then too - key management is vastly increased with FAS based NSE versus E-Series or equivalent - the E-Series can encrypt with a set of controller based keys for all disks in the system, while every disk in a FAS based encryption system must be individually keyed (granted with an external appliance doing the grunt work).
But then, I'm also not prepared to give up my Clustered ONTAP scalability, flexibility, protection infrastructure, and of course multi protocol support. In my shop we have two separate clusters just because we grew up that way - one for SAN based traffic and one for NAS based traffic, but we run all four data protocols as needed where needed. No other single storage system provides that kind of flexibility and adaptive performance that drives our business model.
So - consider encrypting 5PB on the floor. Would you go big and do it all native? Would you consider E-Series (or similar) backend and a Storage Virtualization license on the FAS controllers to achieve better density and fewer FAS components? Would you then perhaps encrypt on the backend storage so you could add native un-encrypted storage to the same FAS controllers (remembering that NSE is all or none in an HA pair)?
Sound off NetApp community - what do you think?