Solved: Configuring OT for External KMS - weird requirements

JFM · ‎2022-01-19

Hi,

Reading the external key management configuration, in the encryption power guide:

"You can use one or more KMIP servers to secure the keys the cluster uses to access encrypted data. Beginning with ONTAP 9.6, you can use one or more KMIP servers to secure the keys a given SVM uses to access encrypted data.

(...)

You must configure the MetroCluster environment before the key manager is configured."

Do this mean: in case you are using an MC configuration, configure it before enabling KMIP" or does this mean an MC config is required to use KMIP servers.

Thanks for the clarification.

https://docs.netapp.com/us-en/ontap/encryption-at-rest/enable-external-key-management-96-later-nve-task.html

Presales SE at ESI Technologies

SpindleNinja · ‎2022-01-19

You can tell them, either by clicking "request doc changes" on the right side. or the email link at the bottom. "Have feedback for our website? Let us know " It'll create an email and populate the subject line.

View solution in original post

SpindleNinja · ‎2022-01-19

i believe the former. You need both sides of an MCC up before you configure it.

For a non-MCC cluster you just set it up after the cluster is up.

JFM · ‎2022-01-19

Thanks, makes sense... the wording should be adjusted IMHO in the doc.

Presales SE at ESI Technologies

SpindleNinja · ‎2022-01-19

You can tell them, either by clicking "request doc changes" on the right side. or the email link at the bottom. "Have feedback for our website? Let us know " It'll create an email and populate the subject line.

Configuring OT for External KMS - weird requirements

Sign-up for Software Release Notifications!

Join us on Discord