Skip to main content

Replace a FIPS drive or SED in ONTAP

Contributors netapp-ahibbard netapp-aaron-holt netapp-andreajost netapp-dbagwell netapp-thomi netapp-aherbin
PDFs

You can replace a FIPS drive or SED the same way you replace an ordinary disk. Make sure to assign new data authentication keys to the replacement drive. For a FIPS drive, you may also want to assign a new FIPS 140-2 authentication key.

Note If an HA pair is using encrypting SAS or NVMe drives (SED, NSE, FIPS), you must follow the instructions in the topic Returning a FIPS drive or SED to unprotected mode for all drives within the HA pair prior to initializing the system (boot options 4 or 9). Failure to do this may result in future data loss if the drives are repurposed.
Before you begin

  • You must know the key ID for the authentication key used by the drive.

  • You must be a cluster administrator to perform this task.

Steps

  1. Ensure that the disk has been marked as failed:

    storage disk show -broken

    Learn more about storage disk show in the ONTAP command reference.

    cluster1::> storage disk show -broken
Original Owner: node1
  Checksum Compatibility: block
                                                Drawer                              Usable Physical
    Disk            Outage Reason  HA Shelf Bay  /Slot Chan   Pool    Type    RPM     Size     Size Model
    --------------- ------------- --- ----- --- ------ ---- ------ ------- ------ -------- -------- ----------------
    1.0.12          admin failed   0a     0  12   -/-     A FAILED SSD-NVM      -   1.75TB   1.75TB X4024S173A1T9NTE

Original Owner: node2
  Checksum Compatibility: block
                                                Drawer                              Usable Physical
    Disk            Outage Reason  HA Shelf Bay  /Slot Chan   Pool    Type    RPM     Size     Size Model
    --------------- ------------- --- ----- --- ------ ---- ------ ------- ------ -------- -------- ----------------
    1.0.13          admin failed   0b     0  13   -/-     B FAILED SSD-NVM      -   1.75TB   1.75TB X4024S173A1T9NTF

2 entries were displayed.
[...]

  2. Remove the failed disk and replace it with a new FIPS drive or SED, following the instructions in the hardware guide for your disk shelf model.

  3. Assign ownership of the newly replaced disk:

    storage disk assign -disk disk_name -owner node

    Learn more about storage disk assign in the ONTAP command reference.

    cluster1::> storage disk assign -disk 2.1.1 -owner cluster1-01

  4. Confirm that the new disk has been assigned:

    storage encryption disk show

    Learn more about storage encryption disk show in the ONTAP command reference.

    cluster1::> storage encryption disk show
Disk    Mode Data Key ID
-----   ---- ----------------------------------------------------------------
0.0.0   data <id_value>
0.0.1   data <id_value>
1.10.0  data <id_value>
1.10.1  data <id_value>
2.1.1   open 0x0
[...]

  5. Assign the data authentication keys to the FIPS drive or SED.

    Assigning a data authentication key to a FIPS drive or SED (external key management)

  6. If necessary, assign a FIPS 140-2 authentication key to the FIPS drive.

    Assigning a FIPS 140-2 authentication key to a FIPS drive

Related information