How does ONTAP behave when the external key manager is not accessible?
Applies to
- ONTAP 9
- NetApp Volume Encryption (NVE)
- NetApp Aggregate Encryption (NAE)
Answer
- When ONTAP is booting:
  - NVE system: encrypted volumes remain offline.
  - NSE system: ONTAP will refuse to boot; see the ONTAP Documentation for Encryption.
- When creating a key:
  - The key is not created when creating a new volume or rekeying an existing volume.
- When deleting a volume:
  - The delete will fail because the key cannot be deleted.
- When running the following commands:
  - security key-manager query command: key IDs are shown if the cache is filled
  - security key-manager restore command: the command will fail
  - security key-manager show -status command: the command will show unavailable
- If the key is stored in the cache and there is no change in the storage (such as creating or deleting a volume), there is no effect.
Additional Information
FAQ: NetApp Volume Encryption and NetApp Aggregate Encryption