ONTAP Hardware

NSE

gfarnham1

I'm new to Netapp. Just want to confirm that to have NSE you need different self encrypting drives. We have Netapps and existing disk in production. Does it mean I have to discard the old disks and replace with disks capable of encryption?

1 ACCEPTED SOLUTION

zacharyt

Yes you will need the NSE drives in both nodes of the HA pair to enable NSE.  NSE drives cannot be mixed with non-NSE drives in a HA pair.

View solution in original post

5 REPLIES 5

zacharyt

Yes you will need the NSE drives in both nodes of the HA pair to enable NSE.  NSE drives cannot be mixed with non-NSE drives in a HA pair.

View solution in original post

bobshouseofcards

You will also need an external key management solution (read "expensive") to hold the unlocking keys for the disks, unless you are also able to run OnTap 9.0 which is just out now in Release Candidate stage.  OnTap 9.0 includes the capability to manage disk unlocking keys onboard.

 

 

Hope this helps you.

 

Bob Greenwald

Lead Storage Engineer, Consilio LLC

NCIE SAN, Data Protection

 

 

 

Kudos and accepted solutions are always appreciated.

What about a system that has only SED disks but is currently not paired with a key manager and disks protection mode all set to open.  Is it possible to set a  key a spare disk and manually swap encrypted disks into an aggregate 1 at a time?  

 

 

Follow up on my questions...

 

https://kb.netapp.com/app/answers/answer_view/a_id/1032894

 

Based on this KB it sounds to me like my drives are already encrypted, just with a 0x0 key and unlocked.  If that is the case what I am describing is really a key change.  If anyone has any input or confirm I would appreciate it.

Hi Jordan,

 

That's essentially the case. NSE drives do the encryption themselves, ONTAP manages the initialisation/changing/unlocking of drives in interaction with either the internal (in newer versions) or external KMS.

 

If your system is already in production with data in place, please open a support ticket to walk through the process of enabling a KMS and setting an encryption key for the drives.

 

Hope this helps!

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public