ONTAP Discussions

NFS/CIFS Encryption

heightsnj

In terms of end to end encryption over NFS/CIFS, I know there can have NetApp Volume Encryption which will happen on volumes. What about encryptions from VM clients and to the NetApp storage?

 

In NFS Datastore cases, we are using v3, and not using Kerboros( I know Kerbors can support AES). We also use NFS/CIFS share. So, what kind of encryptions suppored here if any, and how can they work out?

 

Thanks!

3 REPLIES 3

paul_stejskal

SMB3 and NFS+krb5p are supported. I would recommend going to over 9.2 to get support otherwise AES-NI Intel CPU instruction sets won't be active in ONTAP and you won't see good performance at all.

heightsnj

My question is what if we didn't implement KRB at all? Any encryption can be used, and how?

in SMB3 case, what requirements on NetApp storage and Window clients?

paul_stejskal

I don't believe it's possible to encrypt NFS streams outside of KRB5P.

 

For SMB3, there is SMB encryption built into the protocol and we support it. I'd check with Microsoft for details or search around enabling, but it is well documented.

 

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.cdot-famg-cifs/GUID-6F694E53-022A-453A-8AC9-6F2941794DA6.html

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.cdot-famg-cifs/GUID-EF158266-85EE-4648-8D0F-6F80F0E13DCA.html

https://whyistheinternetbroken.wordpress.com/2017/07/24/ontap92-krb5p/

https://www.netapp.com/us/media/tr-4616.pdf <--talks about KRB5P NFS with Active Directory

Securing your NetApp infrastructure: https://www.netapp.com/us/media/tr-4569.pdf

 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public