ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

OnTap Efficiencies & Microsoft bitlocker best practices

BenCoughtry
‎2018-07-16 03:29 PM
3,984 Views

Hi All, if a customer is using MS Bitlocker on virtual machines to encrypt data at rest as well as in transit, what would be OnTap best practices regarding dedupe / compression / compaction, as well as NVE?  I'm guessing NVE would not be needed however will bitlocker encryption reduce ontap space savings and basically waste controller CPU cycles?  Curious of your thoughts on this.

 

Thanks!

0 Kudos
View By:
1 ACCEPTED SOLUTION

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
‎2018-07-17 06:31 AM
3,936 Views

Yes - you typically can't dedupe or compress any encrypted data and having policies that attempt that do just waste a bit of CPU, but there is a baselining process which will disable compression pretty quickly, but dedupe will still try to run.

 

You can still store encrypted data of course, but for efficiency, they are best used to store the cleartext data and use NVE or NSE/FDE on the controller.

View solution in original post

0 Kudos
2 REPLIES 2

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
‎2018-07-17 06:31 AM
3,937 Views

Yes - you typically can't dedupe or compress any encrypted data and having policies that attempt that do just waste a bit of CPU, but there is a baselining process which will disable compression pretty quickly, but dedupe will still try to run.

 

You can still store encrypted data of course, but for efficiency, they are best used to store the cleartext data and use NVE or NSE/FDE on the controller.

0 Kudos

D_BEREZENKO
‎2018-07-17 08:54 AM
3,921 Views

There is no reason for having both.

Each has its pros & cons:

 

  1. BitLocker on one side is user-level, each user can protect it's data, so no other user (including admin) going to be able to access the data
    • On another side, admin cannot access to the corporate data & there are no storage efficiencies
  2. With NetApp, NVE encryption is done on the storage side, and there is nearly not noticeable performance impact.
    • It is Volume-wide, which means if storage admin has access to that volume, he can clone it and access the data.
    • With NVE you can benefit from offline dedup & compression storage efficiencies.
0 Kudos
All Community Forums
Public