Reconfiguring KMIP server connections after upgrading to ONTAP 9.3 or later


After performing an upgrade to ONTAP 9.3 or later, you must reconfigure your external key management (KMIP) server connections.

  1. Configure the key manager connectivity:security key-manager setup

  2. Add your KMIP servers: security key-manager add -address key_management_server_ip_address

  3. Verify that KMIP servers are connected: security key-manager show -status

  4. Query the key servers: security key-manager query

  5. Create a new authentication key and passphrase: security key-manager create-key -prompt-for-key true

    The passphrase must have a minimum of 32 characters.

  6. Query the new authentication key: security key-manager query

  7. Assign the new authentication key to your self-encrypting disks (SEDs): storage encryption disk modify -disk disk_ID -data-key-id key_ID

    Note Make sure you are using the new authentication key from your query.
  8. If needed, assign a FIPS key to the SEDs: storage encryption disk modify -disk disk_id -fips-key-id fips_authentication_key_id

    If your security setup requires you to use different keys for data authentication and FIPS 140-2 authentication, you should create a separate key for each. If that is not the case, you can use the same authentication key for FIPS compliance that you use for data access.