Release notes
Enable cluster peering encryption on an existing peer relationship
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.6, cluster peering encryption is enabled by default on all newly created cluster peering relationships. Cluster peering encryption uses a pre-shared key (PSK) and the Transport Security Layer (TLS) to secure cross-cluster peering communications. This adds an additional layer of security between the peered clusters.
If you are upgrading peered clusters to ONTAP 9.6 or later, and the peering relationship was created in ONTAP 9.5 or earlier, cluster peering encryption must be enabled manually after upgrading. Both clusters in the peering relationship must be running ONTAP 9.6 or later in order to enable cluster peering encryption.
-
On the destination cluster, enable encryption for communications with the source cluster:
cluster peer modify source_cluster -auth-status-admin use-authentication -encryption-protocol-proposed tls-psk -
When prompted enter a passphrase.
-
On the data protection source cluster, enable encryption for communication with the data protection destination cluster:
cluster peer modify data_protection_destination_cluster -auth-status-admin use-authentication -encryption-protocol-proposed tls-psk -
When prompted, enter the same passphrase entered on the destination cluster.