Skip to main content
NetApp Knowledge Base

Is it safe to use the -force-disable-encrypt-with-aggr-key when disabling NAE

  1. Last updated
  2. Save as PDF
Views:
373
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9
  • NetApp Aggregate Encryption (NAE)
  • MetroCluster (MCC)

Answer

This parameter allows disabling NetApp Aggregate Encryption (NAE) on an aggregate if the user is certain there is no aggregate snapshot for that aggregate containing NAE volumes. If the parameter is set to true, aggregate snapshot check is skipped and NAE is disabled.

In MCC there will be always just one single aggregate snapshot, it’s deleted every 5min by default (aggregate option "resyncsnaptime" can be checked to confirm the time parameter) and a new one is created.

When we convert an aggregate from NAE to NVE we must be sure that no aggregate snapshot contains blocks from any NAE volume anymore. So after the conversion of the last volume is completed, we can be sure that ~5min later when the aggregate snapshot is renewed, the Syncmirror aggregate Snapshot does not contain NAE volume blocks anymore.

We can then safely use -force-disable-encrypt-with-aggr-key true  option when removing NAE from the Aggregate:

::> storage aggregate modify -aggregate aggregate_name -node node_name -force-disable-encrypt-with-aggr-key true

Additional Information

additionalInformation_text

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.