ONTAP Discussions
ONTAP Discussions
we have a NetApp 9.6P3 in production, needs to enable aggr encrption. how can we do it without downtime? Looks we have to empty aggregate before we can enable the encryption on an aggregate. we can LUNs presented to hosts from both aggregates on a HP pair.
thanks
Solved! See The Solution
if i remember right, on new version (forgot which), we can enable NVE without moving a volume. if this is true, can we enable all data vols with encryption and move root vols to parter's aggr, then we can enable encryption on aggr. is that possible?
thanks.
Can I encrypt an existing volume in place with NAE in ONTAP 9.6?
Answer: No. You need to do one of the following options mentioned below in the kb.
if i remember right, on new version (forgot which), we can enable NVE without moving a volume. if this is true, can we enable all data vols with encryption and move root vols to parter's aggr, then we can enable encryption on aggr. is that possible?
thanks.
Yes, I think you are talking about - In-place encryption of existing volumes, feature introduced in ONTAP 9.3.
Procedure to transition an existing un-encrypted volume:
A) Prior to 9.3 = 'volume move' command
B) 9.3 later = 'volume encryption conversion start'
Some Kbs for referemce, hope it helps.
How to configure NetApp Volume Encryption
https://kb.netapp.com/app/answers/answer_view/a_id/1030618
Is it possible to tune the NetApp Volume Encryption conversion process?
https://kb.netapp.com/app/answers/answer_view/a_id/1086286
Considerations when using Netapp Volume Encryption (NVE)
https://kb.netapp.com/app/answers/answer_view/a_id/1074806
Difference:
Regarding 'root' vol :
There are two types in cDOT/ONTAP
1) Controller root vol (Aggregtates) = Not encrypted in both NAE & NVE
2) SVM root vol = encrpted in NVE only.
KB: 1086920 [To be honest, I will be more concern with data volumes]
Thanks!