Release notes
Enable node root volume encryption
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Beginning with ONTAP 9.8, you can use NetApp Volume Encryption to protect the root volume of your node.
|
About this task
This procedure applies to the node root volume. It does not apply to SVM root volumes. SVM root volumes can be protected through aggregate-level encryption and, beginning with ONTAP 9.14.1, NVE.
|
Once root volume encryption begins, it must complete. You cannot pause the operation. Once encryption is complete, you cannot assign a new key to the root volume and you cannot perform a secure-purge operation.
-
Your system must be using an HA configuration.
-
Your node root volume must already be created.
-
Your system must have an onboard key manager or an external key management server using the Key Management Interoperability Protocol (KMIP).
-
Encrypt the root volume:
volume encryption conversion start -vserver SVM_name -volume root_vol_name -
Verify the status of the conversion operation:
volume encryption conversion show -
When the conversion operation is complete, verify that the volume is encrypted:
volume show -fieldsThe following shows example output for an encrypted volume.
::> volume show -vserver xyz -volume vol0 -fields is-encrypted vserver volume is-encrypted ---------- ------ ------------ xyz vol0 true
