Release notes
Delete existing external key management server connections before upgrading ONTAP
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Collection of separate PDF docs
Creating your file...
Before you upgrade ONTAP, if you are running ONTAP 9.2 or earlier with NetApp Storage Encryption (NSE) and upgrading to ONTAP 9.3 or later, you must use the command line interface (CLI) to delete any existing external key management (KMIP) server connections.
-
Verify that the NSE drives are unlocked, open, and set to the default manufacture secure ID 0x0:
storage encryption disk show -disk *Cli -
Enter the advanced privilege mode:
set -privilege advancedCli -
Use the default manufacture secure ID 0x0 to assign the FIPS key to the self-encrypting disks (SEDs):
storage encryption disk modify -fips-key-id 0x0 -disk *Cli -
Verify that assigning the FIPS key to all disks is complete:
storage encryption disk show-statusCli -
Verify that the mode for all disks is set to data
storage encryption disk showCli -
View the configured KMIP servers:
security key-manager showCli -
Delete the configured KMIP servers:
security key-manager delete -address <kmip_ip_address>Cli -
Delete the external key manager configuration:
security key-manager delete-kmip-configCli
This step does not remove the NSE certificates.
After the upgrade is complete, you must reconfigure the KMIP server connections.
