I have a client that purchased a FAS-2552 array with standard drives. About a year after the purchase auditors are insisting that the client encrypt their data at rest. They were hoping that ONTAP 9.1 would allow them to run NVE but the entry level arrays do not support it as there isn't enough spare processing power to allow it.
At first I thought no problem I would simply install another shelf of NSE drives and migrate the data over but I don't believe it's a risk free and simple processes. It is my understanding that you pretty much have to wipe all the data even the root volumes before you can turn on the encryption and then you have to recreate the volumes and restore from a snapmirror from across the wire. This process would need to be done twice, once for each site, so two full resync across the wire as well as a long outage.
Brainstorming I'm thinking we could physically unrack and move the DR array to the PRI site and do the same thing but its still going to take a significant amount of time. Going deeper down the rabbit hole I was entertaining breaking the cluster and configuring it as two single node clusters but talk about risk!
Other than simply buying or borrowing a new array with NSE drives and performing a migration .... doesn anyone have any other ideas?