How do I unencrypt an NAE volume?
Applies to
- ONTAP 9
- NetApp Volume Encryption (NVE)
- NetApp Aggregate Encryption (NAE)
Answer
Use one of the following methods:
1. Use another aggregate:
a. Move the volumes to another non-NAE aggregate and convert them to plain text volumes:
::> volume move start -vserver <vserver_name> -volume <volume_name> -destination-aggregate <aggr_name> -encrypt-destination false -encrypt-with-aggr-key false
2. Use the same aggregate:
a. Assuming you have space in the existing NAE aggregate, move the volumes to convert them from NAE to NVE (which NAE aggregates do allow) in the same aggregate:
::> volume move start -vserver <vserver_name> -volume <volume_name> -destination-aggregate <aggr_name> -encrypt-destination true -encrypt-with-aggr-key false
b. After all the volumes are NVE, and no NAE encrypted volumes exist, disable NAE on the aggregate:::> aggregate modify -aggregate <aggr_name> -node <node_name> -encrypt-with-aggr-key false.
Note: Make sure that no aggregate snapshot copies exist, or the command will fail.
c. Move the NVE volumes to unencrypt them and convert them to plain text:
::> volume move start -vserver <vserver_name> -volume <volume_name> -destination-aggregate <aggr_name> -encrypt-destination false
Note: If the step b was missed, the volume move will fail with the error:
Error: command failed: The destination aggregate "aggr_name" is an NAE (NetApp Aggregate Encryption) aggregate. Non-encrypted volumes are not supported in such aggregates.