Skip to main content

Reconfigure KMIP server connections after an upgrade from ONTAP 9.2 or earlier

Contributors netapp-aherbin netapp-barbe netapp-aaron-holt netapp-dbagwell
PDFs

After you upgrade from ONTAP 9.2 or earlier to ONTAP 9.3 or later, you need to reconfigure any external key management (KMIP) server connections.

Steps

  1. Configure the key manager connectivity:

    security key-manager setup

  2. Add your KMIP servers:

    security key-manager add -address <key_management_server_ip_address>

  3. Verify that KMIP servers are connected:

    security key-manager show -status

  4. Query the key servers:

    security key-manager query

  5. Create a new authentication key and passphrase:

    security key-manager create-key -prompt-for-key true

    Set a passphrase with at least 32 characters.

  6. Query the new authentication key:

    security key-manager query

  7. Assign the new authentication key to your self-encrypting disks (SEDs):

    storage encryption disk modify -disk <disk_ID> -data-key-id <key_ID>
    Note Use the new authentication key from your query.

  8. If needed, assign a FIPS key to the SEDs:

    storage encryption disk modify -disk <disk_id> -fips-key-id <fips_authentication_key_id>

    If your security setup requires you to use different keys for data authentication and FIPS 140-2 authentication, you should create a separate key for each. Otherwise, use the same authentication key for both.

Related information