- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/NSE_How_to_unconfigure_the_external_key_management_before_upgrading_to_Data_ONTAP_9.3_or_later
  This article describes the procedure to upgrade a NSE system using an external key management (KMIP) server to ONTAP 9.3 or later. “Important: If you are upgrading to ONTAP 9.3 from a previous version, you must delete any existing KMIP server connections using the security key-manager delete-kmip-config command before upgrading, then reconfigure the KMIP server connections using the security key-manager setup command after the upgrade is completed.”
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/NSE__How_to_enable_drive_authentication_on_a_NSE_spare_drive_replacement
  When a drive is replaced on a NSE storage system, the storage administrator must manually rekey the new spare drive with a valid key ID and authentication passphrase to protect the data on the drive. It is extremely important to rekey the spare drive with the current key ID and lock the drive (ONTAP 8.3 and lower) to protect the data, prior to using the drive in production.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Security_key_manager_delete_kmip_config_command_gives_Error__command_failed
  Data and FIPS-compliance authentication keys are set for MSID 0x0 Running "security key-manager delete-kmip-config" gives error: Error: command failed: Use the command "storage encryption disk show" and "storage encryption disk show -fips" to show the devices that have authentication keys other than the default Manufacture Secure ID (MSID, denoted by keyID "0x0" commands to exit FIPS-compliance mode and to change the data authentication key to the default Manufacture Secure ID.
- https://kb.netapp.com/on-prem/ontap/DP/SnapMirror/SnapMirror-KBs/NSE_Do_NetApp_Storage_Encryption_and_SnapMirror_transfer_data_in_plain_text
  In this topology, the data on the NSE system will be decrypted when reading from the disk, transferred decrypted over the network, and then written to the destination in plain text. In the event that both the source and destination are NSE controllers, data will be decrypted when reading from the source, transferred in plain text, and then encrypted when writing to the destination SnapMirror.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/NSE__How_to_check_the_expiration_date_on_NSE_certificates
  Applies to NetApp Storage Encryption (NSE) Description Check Active IQ if this impacts your systems This article describes the procedure to check the expiration date or validity of NSE certificates.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_remove_Onboard_Key_Management_OKM_in_Data_ONTAP_9_6_and_later_when_volumes_are_encrypted
  Applies to ONTAP 9.6 and later Onboard Key Management (OKM) Encryption Description The procedure listed in this article describes how to remove an existing Onboard Key Management (OKM) setup while encrypted volumes and aggregates are present in the cluster.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/NSE__How_can_I_renew_expired_NSE_certificates_connected_to_TKLM_or_SKLM_key_servers
  In case there is a loss of power during the certificate replacement procedures, manually re-key the drives to default Key ID 0x0 temporarily before replacing the certificates. Run: disk encrypt rekey <Key-ID> * (This is the Key ID from Step 1b above, the Key ID should also be on the key_manager query output) Rekeying the drives to default KeyID 0x0 will allow full access to the data on the encryption drives without the requirement for key server authentication.
- https://kb.netapp.com/Legacy/ONTAP/7Mode/NSE__How_to_replace_a_Mother_Board_in_an_HA_configuration_with_NSE_ONTAP_8_3_and_Lower
  Applies to Data ONTAP Description This article describes the NetApp Storage Encryption (NSE) 7-Mode controller replacement procedures for Data ONTAP 8.1.1 or later.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_renew_NSE_AK_type_encryption_keys_when_using_Onboard_Key_Manager_OKM
  Applies to ONTAP 9.1 through 9.7 NetApp Storage Encryption (NSE) Onboard Key Management (OKM) Description NetApp hardware-based encryption supports full-disk encryption (FDE) of data as it is written. In some environments, it is necessary to renew the encryption keys for these devices. For more information, review the following: Configuring NetApp hardware-based encryption Currently, the only way to renew the NSE-AK is to completely remove OKM and rerun the setup script.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Cannot_remove_node_XX_because_its_storage_encryption_devices_use_authentication_keys
  Applies to Attempts to unjoin a node from cluster fail with error: ::>cluster remove-node -node cluster-01 Command failed, Cannot remove node cluster-01 because its storage encryption devices use authentication keys that will not be available to the node after it leaves the cluster. Use "storage encryption disk show" and "storage encryption disk modify" commands to set the FIPS and data AKs of the devices owned by the node and the failover partner to the default manufacturer secure ID keyID 0x0.
- https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Cannot_unjoin_NSE_node_from_cluster_gives_Error__command_failed__Cannot_unjoin_node
  NetApp Storage Encryption (NSE) Unable to unjoin node from NSE cluster after the NSE drives were rekeyed to 0x0. ::*> cluster unjoin -node <node> Error: command failed: Cannot unjoin node "<node>" because its Storage available to the node after it leaves the cluster. encryption disk show" and "storage encryption disk modify" commands to set the FIPS and data AKs of devices owned by the node and the failover partner to the default Manufacture Secure ID (MSID), keyID 0x0.