Set up Storage Encryption on the new controller module

Contributors netapp-barbe

If the replaced controller or the HA partner of the new controller uses Storage Encryption, you must configure the new controller module for Storage Encryption, including installing SSL certificates and setting up key management servers.

About this task

This procedure includes steps that are performed on the new controller module. You must enter the command on the correct node.

Steps
  1. Verify that the key management servers are still available, their status, and their authentication key information by using the following commands:

    security key-manager show -status

    security key-manager query

  2. Add the key management servers listed in the previous step to the key management server list in the new controller.

    1. Add the key management server by using the following command:

      security key-manager -add <key_management_server_ip_address>

    2. Repeat the previous step for each listed key management server. You can link up to four key management servers.

    3. Verify the that the key management servers were added successfully by using the following command:

      security key-manager show

  3. On the new controller module, run the key management setup wizard to set up and install the key management servers.

    You must install the same key management servers that are installed on the existing controller module.

    1. Launch the key management server setup wizard on the new node by using the following command:

      security key-manager setup -node <new_controller_name>

    2. Complete the steps in the wizard to configure key management servers.

  4. Restore authentication keys from all linked key management servers to the new node by using the following command:

    security key-manager restore -node <new_controller_name>