we have a NetApp 9.6P3 in production, needs to enable aggr encrption. how can we do it without downtime? Looks we have to empty aggregate before we can enable the encryption on an aggregate. we can LUNs presented to hosts from both aggregates on a HP pair.
All it suggests is that, you either create a new aggr and then move the vols, or turn the existing aggr with NVE vols into encryption and then move the vols. However, this means you will need enough free disks to create a new aggregate in the first place, or select any existing aggr with enough space. ( This may or may not be feasible)
Finally, I guess vol move is NDU in Ontap, so technically that part should be non-disruptive when you move vol to NAE aggr.
if i remember right, on new version (forgot which), we can enable NVE without moving a volume. if this is true, can we enable all data vols with encryption and move root vols to parter's aggr, then we can enable encryption on aggr. is that possible?
A volume encrypted with a unique key is called an NVE volume
A volume encrypted with an aggregate-level key is called an NAE volume
Regarding 'root' vol : There are two types in cDOT/ONTAP 1) Controller root vol (Aggregtates) = Not encrypted in both NAE & NVE 2) SVM root vol = encrpted in NVE only. KB: 1086920 [To be honest, I will be more concern with data volumes]