ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

NVE and Snapmirror

EddieJ
‎2018-10-23 12:46 PM
5,328 Views

Running ONTAP 9.1P8

 

Have NVE (Netapp Volume Encryption) enabled on both Clusters involved in the snapmirror (UK to US and vice versa)

The source volume is encrypted, but the destination volume is not (as I just found out) . I thought since encryption was enabled on both systems the destination snapmirror volume would be. So the question is how do I achieve this?  Reading around as much as possible I think I may have to enable the default option to encrypt all new volumes upon creation? Or can I convert the destination snapmirror volume to encrypted. Hope that made sense

 

Thanks!!

1 ACCEPTED SOLUTION

naveens17
‎2018-10-24 07:29 AM
5,282 Views

1. Based on your version 9.1P8 you can't use in place conversion ..Need 9.3

 

2. So for now use Vol move with atribute encryption on destionation volume, this will convert your snapmirror target to encrypted volume.

 

3. FYI

Encryption keys apply only to a single cluster.

 

There is no in-flight encryption its all data at rest.

View solution in original post

5 REPLIES 5

naveens17
‎2018-10-24 07:29 AM
5,283 Views

1. Based on your version 9.1P8 you can't use in place conversion ..Need 9.3

 

2. So for now use Vol move with atribute encryption on destionation volume, this will convert your snapmirror target to encrypted volume.

 

3. FYI

Encryption keys apply only to a single cluster.

 

There is no in-flight encryption its all data at rest.

EddieJ
‎2018-10-31 09:08 AM
In response to naveens17
5,224 Views

Thanks!  That works. Was concerned about the volume being DP vs RW. All is well there..

 

Also, How do I set the option that all new volumes created on the cluster will be encrypted going forward? Have not been able to find the command anywhere..

 

Thanks!

 

 

0 Kudos

naveens17
‎2018-10-31 12:25 PM
In response to EddieJ
5,207 Views

volume create -vserver SVM_name -volume volume_name -aggregate aggregate_name -encrypt true

0 Kudos

EddieJ
‎2018-10-31 12:29 PM
In response to naveens17
5,205 Views

Yes, that I know. I am looking for the setting that tells ONTAP to encrypt by default newly created volumes. I recall reading there was an option setting for that. This way when DP volumes are created on the destination cluster they are encrypted by default..

0 Kudos

naveens17
‎2018-10-31 12:36 PM
In response to EddieJ
5,203 Views

To enable volume encryption by default perform the following:

Note: Any existing volume will not be converted.

From the systemshell:
ClusterA::>set diag
Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y

ClusterA::*> systemshell -node * -command sudo kenv -p bootarg.softwareencryption.encryptallvol=true
  (system node systemshell)

Node: ClusterA-01
bootarg.softwareencryption.encryptallvol="true"

Node: ClusterA-02
bootarg.softwareencryption.encryptallvol="true"
2 entries were acted on.


Verification:
ClusterA::*> systemshell -node * kenv bootarg.softwareencryption.encryptallvol
  (system node systemshell)

Node: ClusterA-01
true

Node: ClusterA-02
true
2 entries were acted on.

A reboot is not necessary for these changes to take effect.

0 Kudos
All Community Forums
Public