Enable encryption on an existing volume with the volume encryption conversion start command
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- Security and data encryption
- Data protection and disaster recovery
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.3, you can use the volume encryption conversion start
command to enable encryption of an existing volume "in place," without having to move the volume to a different location.
Once you start a conversion operation, it must complete. If you encounter a performance issue during the operation, you can run the volume encryption conversion pause
command to pause the operation, and the volume encryption conversion resume
command to resume the operation.
Beginning with ONTAP 9.14.1, you can use volume encryption conversion start
on an SVM root volume. For more information, see Configure NetApp Volume Encryption on an SVM root volume.
You cannot use volume encryption conversion start to convert a SnapLock volume.
|
-
Enable encryption on an existing volume:
volume encryption conversion start -vserver svm_name -volume volume_name
For complete command syntax, see the command reference.
The following command enables encryption on the existing volume
vol1
:cluster1::> volume encryption conversion start -vserver vs1 -volume vol1
The system creates an encryption key for the volume. The data on the volume is encrypted.
-
Verify the status of the conversion operation:
volume encryption conversion show
For complete command syntax, see the man page for the command.
The following command displays the status of the conversion operation:
cluster1::> volume encryption conversion show Vserver Volume Start Time Status ------- ------ ------------------ --------------------------- vs1 vol1 9/18/2017 17:51:41 Phase 2 of 2 is in progress.
-
When the conversion operation is complete, verify that the volume is enabled for encryption:
volume show -is-encrypted true
For complete command syntax, see the man page for the command.
The following command displays the encrypted volumes on
cluster1
:cluster1::> volume show -is-encrypted true Vserver Volume Aggregate State Type Size Available Used ------- ------ --------- ----- ---- ----- --------- ---- vs1 vol1 aggr2 online RW 200GB 160.0GB 20%
If you are using a KMIP server to store the encryption keys for a node, ONTAP automatically pushes an encryption key to the server when you encrypt a volume.