Encrypt stored data using self-encrypting drives
Suggest changes
PDFs
Use disk encryption to ensure that all data in a local tier cannot be read if the underlying device is repurposed, returned, misplaced, or stolen. Disk encryption requires special self-encrypting HDDs or SSDs.
This procedure applies to FAS, AFF, and current ASA systems. If you have an ASA r2 system (ASA A1K, ASA A70, or ASA A90), follow these steps to enable hardware level encryption. ASA r2 systems provide a simplified ONTAP experience specific to SAN-only customers.
Disk encryption requires a key manager. You can configure the onboard key manager using System Manager. You can also use an external key manager, but you need to first set it up using the ONTAP CLI.
If ONTAP detects self-encrypting disks, it prompts you to configure the onboard key manager when you create the local tier.
-
Under Encryption, click
to configure the onboard key manager. -
If you see a message that disks need to be rekeyed, click
, and then click Rekey Disks.