Does NetApp support encrypted and non-encrypted disks on the same node?
Applies to
- NetApp Storage Encryption (NSE)
- FIPS drives
- SED Drives (NVMe Self-Encrypting Drives)
Answer
FIPS Drives
- NetApp Storage Encryption uses Self-Encrypting Disks (SED) that are FIPS certified.
- FIPS certificate information for FIPS drives can be found on the Disk Drive & Firmware Matrix.
- In the Hardware Universe for Drives, when searching by drive model, the Encrypted column will show Yes. Clicking on the word "Yes" will show the supported encryption standards of FIPS 140-2 or FIPS 140-3 and NSE.
- Drives of this type CANNOT be mixed with drives that are not FIPS certified SEDs in the same node or HA pair.
SED Drives
- NVMe self-encrypting drives do not have FIPS 140-2 or FIPS 140-3 certification.
- However, these disks use AES 256-bit transparent disk encryption to protect data at rest.
- ONTAP 9.6 introduced support for NVMe SEDs for the AFF A800 and AFF A320 platforms.
- In the Hardware Universe for Drives, when searching by drive model, the Encrypted column will show as Yes. Clicking on the word "Yes" will show the supported standards of AES-256.
- Drives of this type CAN be mixed with other drives that are not NVMe SEDs in the same node or HA pair.
Additional Information