Simulator Discussions

Simulate ONTAP and KMIP (HashiCorp Vault)

Gairy
1,000 Views

With NIST 800-88r1 coming into play, we're in a position where we need to look into moving our volume encryption keys "off-box" and onto a KMIP server. This is the only way that we would be able to perform a "volume encryption secure-purge" is if we move to using an external KMIP if I understand volume encryption requirements correctly in ONTAP.

 

Does anyone know if Simulate ONTAP can do volume encryption, and if so does anyone know if we can test this with a test license from HashiCorp Vault acting as our KMIP server?

1 ACCEPTED SOLUTION

Ontapforrum
959 Views

It's a good question. Please see this thread, it looks like it is 'no longer supported' on Simulator.

https://community.netapp.com/t5/Simulator-Discussions/Volume-Encryption-and-Simulator/m-p/143830

 

If you notice, all the Simulator builds now have 'NODAR', that stands for - "no Data At Rest Encryption".
https://mysupport.netapp.com/site/tools/tool-eula/simulate-ontap/download

View solution in original post

3 REPLIES 3

Ontapforrum
960 Views

It's a good question. Please see this thread, it looks like it is 'no longer supported' on Simulator.

https://community.netapp.com/t5/Simulator-Discussions/Volume-Encryption-and-Simulator/m-p/143830

 

If you notice, all the Simulator builds now have 'NODAR', that stands for - "no Data At Rest Encryption".
https://mysupport.netapp.com/site/tools/tool-eula/simulate-ontap/download

Gairy
953 Views

Thanks for the answer. I started looking this morning into possibly using a trial license for ONTAP Select to use for testing and it appears the eval is also a NODAR image as both available downloads are for restricted countries.

 

https://mysupport.netapp.com/site/downloads/evaluation/ontap-select/download

 

ONTAPSelect Evaluation Restricted Countries

  • 9121_DataONTAPv-esx-standalone-eval-nodar.ova [2.25 GB]

Download Deploy Install Restricted Countries

  • ONTAPSELECT_9121_NODAR.ova [3.18 GB]

I'm reaching out to CDW to see what the cheapest license we can purchase would be as we'll need something "permanent" so we can test upgrades of both ONTAP and Vault.

 

Thanks again

AlexDawson
935 Views

If you have a NetApp Support Account with a valid support contract for any system, I believe you can download the data-at-rest encryption (DAR) image and upgrade the simulator with it, and then obtain a demo key for the simulation for encryption through your sales team.

Public