Why are new volumes encrypted with NetApp Volume Encryption (NVE) by default?
Applies to
- NetApp Volume Encryption (NVE)
- ONTAP 9.7 and above
Answer
- Beginning with ONTAP 9.7, aggregate and volume encryption is enabled by default if you have a volume encryption (VE) license and use an onboard or external key manager.
- Whenever an external or onboard key manager is configured there is a change in how the encryption of data at rest is configured for brand new aggregates and brand new volumes.
- Brand new aggregates will have NetApp Aggregate Encryption (NAE) enabled by default.
- Brand new volumes that are not part of an NAE aggregate will have NetApp Volume Encryption (NVE) enabled by default.
- If a data storage virtual machine (SVM) is configured with its own key-manager using multi-tenant key management, then the volume created for that SVM is automatically configured with NVE.