Encrypting volumes with NetApp Volume Encryption
NetApp Volume Encryption (NVE) is a software-based technology for encrypting data at rest one volume at a time. Data, Snapshot copies, and metadata are encrypted. Access to the data is given by a unique XTS-AES-256 key, one per volume.
Starting with Cloud Manager 3.7.1, a NetApp Volume Encryption license is automatically installed on each Cloud Volumes ONTAP system that is registered with NetApp Support.
Registering pay-as-you-go systems
Cloud Manager does not install the NVE license on systems that reside in the China region.
At this time, Cloud Volumes ONTAP supports NetApp Volume Encryption with an external key management server. An Onboard Key Manager is not supported.
You need to set up NetApp Volume Encryption from the ONTAP CLI.
You can then use either the CLI or System Manager to enable encryption on specific volumes. Cloud Manager does not support NetApp Volume Encryption from its user interface or from its APIs.
- Review the list of supported key managers in the NetApp Interoperability Matrix Tool. Search for the Key Managers solution.
- Install SSL certificates and connect to the external key management servers.
- Create a new encrypted volume or convert an existing unencrypted volume using either the CLI or System Manager.
  - CLI:
    - For new volumes, use the volume create command with the -encrypt parameter.
    - For existing volumes, use the volume encryption conversion start command.
  - System Manager:
    - For new volumes, click Storage > Volumes > Create > Create FlexVol and then select Encrypted.
    - For existing volumes, select the volume, click Edit, and then select Encrypted.
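The CLI path from the last step, followed by a check that the volumes really are encrypted, as an added example that is not part of the original NetApp page. The cluster prompt, SVM, aggregate, and volume names (cluster1, svm1, aggr1, vol_new, vol_existing) and the volume size are constructed placeholders, and the session assumes the external key management servers are already connected.

```text
# Constructed names: cluster1, svm1, aggr1, vol_new, vol_existing.

# Confirm the NVE license is present before enabling encryption
# (it is not installed automatically on systems in the China region).
cluster1::> system license show

# New volume: encrypt at creation time with the -encrypt parameter.
cluster1::> volume create -vserver svm1 -volume vol_new -aggregate aggr1 -size 100g -encrypt true

# Existing unencrypted volume: start the conversion.
cluster1::> volume encryption conversion start -vserver svm1 -volume vol_existing

# Track the conversion; the volume is not fully encrypted until it completes.
cluster1::> volume encryption conversion show

# Verify: list volumes that are still unencrypted.
# Neither vol_new nor vol_existing should appear once the conversion is done.
cluster1::> volume show -is-encrypted false
```

Running the final command periodically is a simple way to catch volumes that were created without -encrypt after NVE was set up.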