Enable node root volume encryption
Beginning in ONTAP 9.8, you can use NetApp Volume Encryption to protect the root volume of your node.
Your system must be using an HA configuration.
Root volume encryption is not supported on single node configurations.
Your node root volume must already be created.
Your system must have an onboard key manager or an external key management server using the Key Management Interoperability Protocol (KMIP).
About this task
This procedure applies to the node root volume. It does not apply to SVM root volumes. SVM root volumes can be protected through aggregate-level encryption.
Once root volume encryption begins, it must complete. You cannot pause the operation. Once encryption is complete, you cannot assign a new key to the root volume and you cannot perform a secure-purge operation.
Encrypt the root volume:
volume encryption conversion start -vserver SVM_name -volume root_vol_name
Verify the status of the conversion operation:
volume encryption conversion show
When the conversion operation is complete, verify that the volume is encrypted:
volume show -fields
The following shows example output for an encrypted volume.
::> volume show -vserver xyz -volume vol0 -fields is-encrypted vserver volume is-encrypted ---------- ------ ------------ xyz vol0 true