
ONTAP Discussions

OnTap Efficiencies & Microsoft bitlocker best practices

BenCoughtry

Hi All, if a customer is using MS BitLocker on virtual machines to encrypt data at rest as well as in transit, what would be ONTAP best practices regarding dedupe / compression / compaction, as well as NVE? I'm guessing NVE would not be needed; however, will BitLocker encryption reduce ONTAP space savings and basically waste controller CPU cycles? Curious about your thoughts on this.

Thanks!

1 ACCEPTED SOLUTION

AlexDawson

Yes - you typically can't dedupe or compress any encrypted data, and having policies that attempt that does just waste a bit of CPU. There is a baselining process which will disable compression pretty quickly, but dedupe will still try to run.

You can still store encrypted data of course, but for efficiency, they are best used to store the cleartext data and use NVE or NSE/FDE on the controller.


D_BEREZENKO

There is no reason for having both.

Each has its pros & cons:

  1. BitLocker on one side is user-level, each user can protect its data, so no other user (including admin) is going to be able to access the data
    • On the other side, admin cannot access the corporate data & there are no storage efficiencies
  2. With NetApp, NVE encryption is done on the storage side, and there is nearly no noticeable performance impact.
    • It is volume-wide, which means if a storage admin has access to that volume, he can clone it and access the data.
    • With NVE you can benefit from offline dedup & compression storage efficiencies.
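
An added illustration of the efficiency point made in this thread, not code from any poster or from NetApp: the Python sketch below counts duplicate 4 KiB blocks and measures per-block compression on constructed sample data, before and after encryption inside the guest. The cipher is a SHA-256 keystream stand-in tweaked by block offset (an assumption so the sketch runs on the standard library; it is not BitLocker's algorithm), and the block size, key and all names are likewise assumptions.

```python
import hashlib
import zlib

BLOCK = 4096  # assumed dedupe/compression unit (4 KiB blocks)

def standin_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR each block with a SHA-256 counter keystream tweaked by the block's
    offset. Stand-in for guest disk encryption, not BitLocker's cipher."""
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        chunk = data[off:off + BLOCK]
        stream = b"".join(
            hashlib.sha256(key + off.to_bytes(8, "big") + c.to_bytes(4, "big")).digest()
            for c in range(-(-len(chunk) // 32)))
        out += bytes(a ^ b for a, b in zip(chunk, stream))
    return bytes(out)

def efficiency(data: bytes) -> dict:
    """What block-level dedupe and compression could save on this data."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    unique = len({hashlib.sha256(b).digest() for b in blocks})
    compressed = sum(len(zlib.compress(b)) for b in blocks)
    return {"blocks": len(blocks), "unique_blocks": unique,
            "compress_ratio": round(len(data) / compressed, 2)}

def build_sample() -> bytes:
    """Constructed sample: 8 distinct text-like blocks, each stored 8 times."""
    templates = [(f"vm-disk record {i:04d}; ".encode() * 200)[:BLOCK]
                 for i in range(8)]
    return b"".join(templates * 8)

def compare(key: bytes = b"constructed-demo-key") -> dict:
    clear = build_sample()
    return {"cleartext": efficiency(clear),
            "encrypted": efficiency(standin_encrypt(clear, key))}

if __name__ == "__main__":
    for name, stats in compare().items():
        print(f"{name:10s} {stats}")
```

On the cleartext sample only 8 of 64 blocks are unique and each block compresses heavily; after encryption every block is unique and none shrinks, which is the situation the storage controller sees when encryption happens above it.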

