Skip to main content

Set up NetApp Volume or Aggregate Encryption on the new controller module

Contributors netapp-pcarriga netapp-aoife

If the replaced controller or high availability (HA) partner of the new controller uses NetApp Volume Encryption (NVE) or NetApp Aggregate Encryption (NAE), you must configure the new controller module for NVE or NAE.

About this task

This procedure includes steps that are performed on the new controller module. You must enter the command on the correct node.

ONTAP 9.6 and 9.7

Configure NVE or NAE on controllers running ONTAP 9.6 or 9.7

Steps
  1. Verify that the key management servers are still available, their status, and their authentication key information:

    security key-manager key query -node node

  2. Add the key management servers listed in the previous step to the key management server list in the new controller:

    1. Add the key management server:

      security key-manager -add key_management_server_ip_address

    2. Repeat the previous step for each listed key management server.

      You can link up to four key management servers.

    3. Verify the that the key management servers were added successfully:

      security key-manager show

  3. On the new controller module, run the key management setup wizard to set up and install the key management servers.

    You must install the same key management servers that are installed on the existing controller module.

    1. Launch the key management server setup wizard on the new node:

      security key-manager setup -node new_controller_name

    2. Complete the steps in the wizard to configure key management servers.

  4. Restore authentication keys from all linked key management servers to the new node.

ONTAP 9.5

Configure NVE or NAE on controllers running ONTAP 9.5

Steps
  1. Verify that the key management servers are still available, their status, and their authentication key information:

    security key-manager key show

  2. Add the key management servers listed in the previous step to the key management server list in the new controller:

    1. Add the key management server:

      security key-manager -add key_management_server_ip_address

    2. Repeat the previous step for each listed key management server.

      You can link up to four key management servers.

    3. Verify the that the key management servers were added successfully:

      security key-manager show

  3. On the new controller module, run the key management setup wizard to set up and install the key management servers.

    You must install the same key management servers that are installed on the existing controller module.

    1. Launch the key management server setup wizard on the new node:

      security key-manager setup -node new_controller_name

    2. Complete the steps in the wizard to configure key management servers.

  4. Restore authentication keys from all linked key management servers to the new node.

After you finish

Check if any volumes were taken offline because authentication keys were not available or External Key Management servers could not be reached. Bring those volumes back online using the volume online command.