Skip to main content
NetApp Knowledge Base

What are the software-based encryption capabilities in ONTAP?

Last Updated:

Applies to

  • ONTAP 9
  • NetApp Volume Encryption (NVE)
  • NetApp Aggregate Encryption (NAE)


NetApp Volume Encryption (NVE)
  • Per Volume, Software-based, data-at-rest encryption solution
  • Available starting with NetApp ONTAP 9.1
  • Allows ONTAP to encrypt data and to have that data stored on disk without requiring self-encrypting drives.
  • Allows customers to use storage efficiency features that would be lost if the customer decided to encrypt at the application layer.
  • Customers can use any existing disk with NVE, which also includes NetApp Storage Encryption (NSE) drives for double or layered encryption.
NetApp Aggregate Encryption (NAE)
  • An enhancement of the software-based NVE data-at-rest solution.
  • Available starting with ONTAP 9.6.
  • NAE enables use of aggregate deduplication for greater storage efficiency.
  • Allows ONTAP to encrypt data for each volume with the keys shared for the aggregate.


Note: NVE and NAE are the only options available for encrypting data in NetApp MetroCluster software and ONTAP Select.


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.