Skip to main content

NetApp_Insight_2020.png 

NetApp Knowledgebase

NSE: How to unconfigure the external key management before upgrading to Data ONTAP 9.3 or later

Views:
411
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • NetApp Storage Encryption (NSE)
  • Key Management Interoperability Protocol (KMIP)
  • ONTAP 9.0 to 9.2

Description

This article describes the procedure to upgrade a NSE system using an external key management (KMIP) server to ONTAP 9.3 or later.

  • A new KMIP client has been released in the ONTAP 9.3 code (KMIP2).
  • Keys that were created/stored using a KMIP1 client in pre-ONTAP 9.3 releases cannot be retrieved using the new KMIP2 client.
  • For more information, see the ONTAP 9.3 Release Notes.

Page 25:
Important: If you are upgrading to ONTAP 9.3 from a previous version, you must delete any existing KMIP server connections using the security key-manager delete-kmip-config command before upgrading, then reconfigure the KMIP server connections using the security key-manager setup command after the upgrade is completed.”

  • The following error message may be seen when upgrading a NSE system with external KMIP to ONTAP 9.3:

Error: External key management is configured on the cluster.
       Please unconfigure the external key management before
       upgrading to Data ONTAP 9.3.
       To unconfigure, run the command:
       "security key-manager delete-kmip-config"
ERROR: external keymanager check failed.
Install Failed.

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support