Hello!
I have a few questions regarding the encryption solutions available with ONTAP 9.1. I have a customer that is interested in implementing "double encryption" of their data on the FAS2600 series filer(s). In order to get our products in line with this requirement, I was hoping to get the following questions answered:
With OKM, where are the encryption keys/passphrase data stored? On the filer hardware?
Does the OKM passphrase need to be entered upon a node reboot?
A couple pieces of NetApp documentation have conflicting information regarding changing of the OKM passphrase.This resource contains examples of prompts that state that reconfiguring of the passphrasen cannot be done:
http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-900%2Fsecurity__key-manager__setup.html
Whereas the NetApp Encryption Power Guide provides instructions to perform this procedure on page 42:
https://library.netapp.com/ecm/ecm_download_file/ECMLP2572742
Which piece of documentation is correct?