How do I transition from the onboard key manager to an external key manager, or conversely?
Applies to
- ONTAP 9
- NetApp Volume Encryption (NVE)
- NetApp Aggregate Encryption (NAE)
- NetApp Storage Encryption (NSE)
Answer
- Perform one of the following steps for the appropriate encryption type:
- NetApp Storage Encryption (NSE):
- Reset the authentication keys to the default manufacturer secure ID (MSID), 0x0.
- NetApp Volume Encryption (NVE):
- Unencrypt all volumes
- NetApp Aggregate Encryption (NAE):
- Move all NAE or NVE volumes to a non-NAE aggregate as non-encrypted.
- NetApp Storage Encryption (NSE):
- If you're coming from OKM, delete the OKM configuration and create the external key manager configuration.
- If you're coming from the external key manager, delete the external key manager configuration and create the OKM configuration.
- Finally, set authentication keys for NSE drives and encrypt required volumes with NVE.
Additional Information
FAQ: NetApp Volume Encryption and NetApp Aggregate Encryption