"This article was originally published on Apr 3, 2017"
Without doubt, security is one of the most important concerns for your enterprise – and so should it be for your OpenStack cloud. Encryption not only helps to protect your data, but also helps ensure compliance.
Starting with the Ocata release of OpenStack, the NetApp Cinder driver supports NetApp’s software-based Volume Encryption (NVE), which allows you to encrypt on a per-volume basis for greater flexibility, for example, when you need to encrypt certain volumes and not the entire storage array. While it’s recommended to get the latest NetApp driver through your OpenStack distribution, you can also find it on the upstream OpenStack repository: https://github.com/openstack/cinder
Configuring NVE requires you to install the associated license and enable onboard key management. Before installing the license, you should determine whether your ONTAP version supports NVE. You can also find some really good details on it and the benefits that it brings to the table in the ONTAP 9 documentation, the NetApp Encryption Guide, and this Tech ONTAP Podcast.
From an OpenStack perspective, it’s actually pretty easy to set up!
Once you have volume encryption enabled on a backend, all that you need to do is set the netapp_flexvol_encryption extra-spec to ‘true’ for a new or existing volume-type.
Here’s an example of how you can create a new volume type with the netapp_flexvol_encryption extra-spec:
$ cinder type-create encrypted
$ cinder type-key encrypted set netapp_flexvol_encryption=true
Once that’s done, you can leverage this volume type to create encrypted Cinder volumes either through the ‘cinder create’ command, or through the Horizon dashboard.
That’s it! It’s really that simple!
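A check an operator might run after the steps above, as an added example (not from the original article or the NetApp driver): it reads the JSON printed by `openstack volume type list --long -f json` and `openstack volume list --long -f json` and lists volumes whose type does not set netapp_flexvol_encryption to true. The type names, volume names and sample data are constructed, and the two shapes handled for the Properties field are an assumption about the client's output.

```python
import json
import re

SPEC = "netapp_flexvol_encryption"  # extra-spec name used in the article

# Constructed sample of: openstack volume type list --long -f json
TYPES_JSON = """[
 {"ID": "t1", "Name": "encrypted", "Properties": {"netapp_flexvol_encryption": "true"}},
 {"ID": "t2", "Name": "gold",
  "Properties": "netapp_flexvol_encryption='True', volume_backend_name='ontap1'"},
 {"ID": "t3", "Name": "scratch", "Properties": {"netapp_flexvol_encryption": "false"}},
 {"ID": "t4", "Name": "legacy", "Properties": {"volume_backend_name": "ontap1"}}
]"""

# Constructed sample of: openstack volume list --long -f json
VOLUMES_JSON = """[
 {"ID": "v1", "Name": "db-data", "Type": "encrypted"},
 {"ID": "v2", "Name": "logs", "Type": "scratch"},
 {"ID": "v3", "Name": "tmp", "Type": null},
 {"ID": "v4", "Name": "archive", "Type": "legacy"},
 {"ID": "v5", "Name": "reports", "Type": "gold"}
]"""

def props_of(vtype):
    """Return the type's extra specs as a dict (assumed: JSON object or "k='v', ..." text)."""
    props = vtype.get("Properties") or {}
    if isinstance(props, str):
        props = dict(re.findall(r"([\w:.]+)='([^']*)'", props))
    return props

def requests_nve(vtype):
    """True only when the extra-spec is present and reads 'true' (case-insensitive)."""
    return str(props_of(vtype).get(SPEC, "")).strip().lower() == "true"

def audit(types_json, volumes_json):
    """Return (types that request NVE, [(volume name, type)] for volumes that do not)."""
    nve_types = {t["Name"] for t in json.loads(types_json) if requests_nve(t)}
    findings = [(v["Name"], v.get("Type") or "<no type>")
                for v in json.loads(volumes_json)
                if v.get("Type") not in nve_types]
    return sorted(nve_types), findings

if __name__ == "__main__":
    nve_types, findings = audit(TYPES_JSON, VOLUMES_JSON)
    print("types requesting NVE:", ", ".join(nve_types))
    for name, vtype in findings:
        print(f"volume {name!r} (type {vtype}) was not created with {SPEC}=true")
```

The script reports what the volume type requested from Cinder; it does not query ONTAP for the encryption state of the underlying FlexVol.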
You can now have data-at-rest encryption with NVE, in addition to the existing encryption solution provided by Cinder: https://docs.openstack.org/security-guide/tenant-data/data-encryption.html. Combining the two solutions can help enforce security for data in transit and at rest, thus ensuring that your data cannot be read even if the underlying device is lost, stolen, or repurposed.
So go ahead and give it a try to see how NetApp’s Volume Encryption can bring security to your OpenStack cloud without sacrificing flexibility and performance!
Stay tuned to learn more, and if you have any questions, let us know in the comments below or on our Discord channel.