What is the difference between NSE and NVMe SED drives?
Applies to
- ONTAP 9
- NetApp hardware-based encryption
- NVMe SED drives (not FIPS 140-2 certified)
- NetApp Storage Encryption (NSE) (FIPS 140-2 level 2 certified)
Answer
NetApp Storage Encryption (NSE), full disk encryption is available with FIPS 140-2 level 2 self-encrypting drives (SEDs). Full disk encryption is also available for NVMe SEDs that do not have FIPS 140-2 certification.
NSE | NVMe SED |
Entire disk encrypted | Entire disk encrypted |
AES 256 encryption | AES 256 encryption |
Onboard or external key management | Onboard or external key management |
FIPS 140-2 level 2 validated when used with external key manager; FIPS level depends on key manager use and implementation | No FIPS 140-2 certifications |
All drives (including HA pairing) must be NSE drives; you cannot mix NSE and non-NSE drives |
You can mix NVMe SSDs and NVMe SEDs, but not NSE drives |
Source: Datasheet NetApp Storage Encryption, NVMe Self-Encrypting Drives, NetApp Volume Encryption, and NetApp Aggregate Encryption |