Replace a FIPS drive or SED

Contributors netapp-ahibbard netapp-thomi

You can replace a FIPS drive or SED the same way you replace an ordinary disk. Make sure to assign new data authentication keys to the replacement drive. For a FIPS drive, you may also want to assign a new FIPS 140-2 authentication key.

Note: If an HA pair is using encrypting SAS or NVMe drives (SED, NSE, FIPS), you must follow the instructions in the topic "Returning a FIPS drive or SED to unprotected mode" for all drives within the HA pair prior to initializing the system (boot options 4 or 9). Failure to do this may result in future data loss if the drives are repurposed.

Before you begin
  • You must know the key ID for the authentication key used by the drive.

  • You must be a cluster administrator to perform this task.

Steps
  1. Ensure that the disk has been marked as failed:

    storage disk show -broken

    For complete command syntax, see the man page.

    cluster1::> storage disk show -broken
    Original Owner: cluster1-01
      Checksum Compatibility: block
                                                                     Usable Physical
        Disk   Outage Reason HA Shelf Bay Chan   Pool  Type    RPM     Size     Size
        ------ ---- ------------ ---- --- ---- ------ -----  -----  -------  -------
        0.0.0  admin  failed  0b    1   0    A  Pool0  FCAL  10000  132.8GB  133.9GB
        0.0.7  admin  removed 0b    2   6    A  Pool1  FCAL  10000  132.8GB  134.2GB
    [...]
  2. Remove the failed disk and replace it with a new FIPS drive or SED, following the instructions in the hardware guide for your disk shelf model.

  3. Assign ownership of the newly replaced disk:

    storage disk assign -disk disk_name -owner node

    For complete command syntax, see the man page.

    cluster1::> storage disk assign -disk 2.1.1 -owner cluster1-01
  4. Confirm that the new disk has been assigned:

    storage encryption disk show

    For complete command syntax, see the man page.

    cluster1::> storage encryption disk show
    Disk    Mode Data Key ID
    -----   ---- ----------------------------------------------------------------
    0.0.0   data F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C
    0.0.1   data F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C
    1.10.0  data F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC
    1.10.1  data F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC
    2.1.1   open 0x0
    [...]
  5. Assign the data authentication keys to the FIPS drive or SED.

  6. If necessary, assign a FIPS 140-2 authentication key to the FIPS drive.
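
As a check after steps 4 to 6, the following added example (not NetApp's code) parses captured `storage encryption disk show` output and reports whether the replaced disk still lacks a data authentication key or carries a key ID other than the one you expect. The function names are hypothetical, and treating mode `open` with key ID `0x0` as "no key assigned" is an assumption drawn from the sample output for disk 2.1.1.

```python
import re

# Sample copied from the step 4 output on this page.
SAMPLE_OUTPUT = """\
cluster1::> storage encryption disk show
Disk    Mode Data Key ID
-----   ---- ----------------------------------------------------------------
0.0.0   data F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C
0.0.1   data F1CB30AFF1CB30B00101000000000000A68B167F92DD54196297159B5968923C
1.10.0  data F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC
1.10.1  data F1CB30AFF1CB30B00101000000000000CF0EFD81EA9F6324EA97B369351C56AC
2.1.1   open 0x0
[...]
"""

# Assumption: disk names are dotted numbers (as in the sample) and the key ID
# column holds either a hex string or the literal 0x0.
ROW = re.compile(r"^\s*(\d+(?:\.\d+)+)\s+(\S+)\s+((?:0x)?[0-9A-Fa-f]+)\s*$")

def parse_disks(text):
    """Return {disk: (mode, key_id)} from captured command output."""
    disks = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the prompt, header, rule and "[...]" lines do not match
            disks[m.group(1)] = (m.group(2), m.group(3))
    return disks

def has_no_data_key(mode, key_id):
    # Assumption: mode "open" or an all-zero key ID means that no data
    # authentication key has been assigned yet (disk 2.1.1 in the sample).
    return mode == "open" or int(key_id, 16) == 0

def unkeyed_disks(text):
    """List every disk that still needs step 5."""
    disks = parse_disks(text)
    return sorted(d for d, (mode, key) in disks.items() if has_no_data_key(mode, key))

def check_replacement(text, disk, expected_key_id):
    """Classify the replaced disk: 'not-listed', 'no-key', 'wrong-key' or 'ok'."""
    disks = parse_disks(text)
    if disk not in disks:
        return "not-listed"
    mode, key_id = disks[disk]
    if has_no_data_key(mode, key_id):
        return "no-key"
    return "ok" if key_id.upper() == expected_key_id.upper() else "wrong-key"
```

Run `check_replacement` against fresh output after step 5; any result other than `ok` for the replaced disk means the key assignment did not take effect as intended.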