Skip to main content

Manage storage encryption using the Onboard Key Manager

Contributors netapp-pcarriga
PDFs

You can use the Onboard Key Manager (OKM) to manage encryption keys. If you have the OKM set up, you must record the passphrase and backup material before beginning the upgrade.

Steps

  1. Record the cluster-wide passphrase.

    This is the passphrase that was entered when the OKM was configured or updated using the CLI or REST API.

  2. Back up the key-manager information by running the security key-manager onboard show-backup command.

Quiesce the SnapMirror relationships (optional)

Before continuing with the procedure, you must confirm that all the SnapMirror relationships are quiesced. When a SnapMirror relationship is quiesced, it remains quiesced across reboots and failovers.

Steps

  1. Verify the SnapMirror relationship status on the destination cluster:

    snapmirror show

    Note

    If the status is "Transferring", you must abort those transfers:
    snapmirror abort -destination-vserver vserver_name

    The abort fails if the SnapMirror relationship is not in the "Transferring" state.

  2. Quiesce all relationships between the cluster:

    snapmirror quiesce -destination-vserver *