ONTAP Discussions
Hi All, I've been preparing for an ONTAP upgrade recently from 9.11.1P10 up to 9.15.1P12. I've got a report from ActiveIQ and as a warning it states that "Encryption Keys are not in sync for all nodes". It also links me to the following article - ONTAP Upgrade Advisor Plan: Validate encryption keys are in sync for all nodes - NetApp Knowledge Base
Now I believe that from a disk level we don't have encryption enabled but we do at volume level. When looking in the cluster settings I can see this
Just wondered if anyone could give us any info on this warning we are getting and will it stop the upgrade? When running the commands in the article it's coming back as though there is no problem.
You don’t need to let the disks. It’s easy though,
just click the button in the GUI.
I find it should be a best practice to sync keys before upgrading:
security key-manager onboard sync
You’ll need the output from the “security key-manager onboard show-backup” and your passphrase to “security key-manager onboard verify-backup”.
Hi TMAC!
We recently decommissioned four FAS controllers with SAS disks. The volumes on these controllers weren’t encrypted. Before decom I migrated everything to our two new controllers which we encrypted volumes. That’s not something onconfigured and weren’t sure if volume encryption was something new in the new controllers?
Is there any issue in us encrypting the disks? It will obviously increase the security on the data.
Is there any issue or will it disrupt client connectivity to the disks etc? I don’t really know much about this side of ONTAP.
Enabling encryption on flash is instant. No disruption.
You must have the onboard key manager set up and synced to all current nodes.
If you have flash, I hope you are using aggregate encryption so as to take advantage of cross-volume efficiencies. If you are only doing NetApp volume encryption then you still get efficiencies, except you can’t get any cross-volume.
You can check with:
volume show -fields encryption-type
volume = nve
aggregate = nae
none = no encryption
Hi TMAC, just to confirm - yes we are using Aggregate encryption.
So going forward, would you suggest we make sure keys are all in sync (I think they are), and also rekey them to remove the warning?