Encrypting volumes with NetApp encryption solutions

Contributors: netapp-bcammett

Cloud Volumes ONTAP supports both NetApp Volume Encryption (NVE) and NetApp Aggregate Encryption (NAE) with an external key manager. NVE and NAE are software-based solutions that enable FIPS 140-2–compliant data-at-rest encryption of volumes. Learn more about these encryption solutions.

Starting with Cloud Volumes ONTAP 9.7, new aggregates will have NAE enabled by default after you set up an external key manager. New volumes that aren’t part of an NAE aggregate will have NVE enabled by default (for example, if you have existing aggregates that were created before setting up an external key manager).

Cloud Volumes ONTAP doesn’t support onboard key management.

What you’ll need

Your Cloud Volumes ONTAP system should be registered with NetApp Support. Starting with Cloud Manager 3.7.1, a NetApp Volume Encryption license is automatically installed on each Cloud Volumes ONTAP system that is registered with NetApp Support.

Cloud Manager doesn’t install the NVE license on systems that reside in the China region.

Steps

  1. Review the list of supported key managers in the NetApp Interoperability Matrix Tool.

     Search for the Key Managers solution.

  2. Connect to the Cloud Volumes ONTAP CLI.

  3. Install SSL certificates and connect to the external key management servers.