
NVE with unreachable KMIP server

fede_melaccio

Hi all,

Would an NVE encrypted volume continue serving data while the key management server is unreachable? Documentation is talking about this issue during the boot process, but not during normal operations. Therefore I assume keys are cached while the storage system is up and the server would not be needed, but I am not sure. Is this correct? Thank you.

Regards

Federico

1 ACCEPTED SOLUTION

AlexDawson

Hi there, I haven't been able to find any information one way or the other on this. I did find the document you are referring to, and I must assume you're a partner - if so, your technical partner manager, or our partner solutions center for your region would be able to connect you with the appropriate people in product management/technical marketing to directly ask this question.

That said - our best practice revolves around a highly available KMIP solution with multiple KMIPs and HA inside the KMIPs, so this shouldn't come up.

fede_melaccio

Hi,

Thank you very much for your reply. I understand the KMIP server will have to be highly available, so the scenario I asked about is highly unlikely and possibly not important to think about. However, following your advice, I will liaise with our NetApp support contacts to get further information. Thanks.

Regards

Federico

JFM

My understanding is that once the system has booted and protocols are up, data will continue to be served if the KMIP access is interrupted. I wouldn't say for a long period of time (like days), though.

Presales SE at ESI Technologies