How to enable NAE aggregate-level encryption with an SVM root volume or MDV_CRS volume
- Views:
- 13,104
- Visibility:
- Public
- Votes:
- 5
- Category:
- metrocluster
- Specialty:
- metrocluster
- Last Updated:
- 6/3/2024, 12:09:40 PM
Applies to
- ONTAP 9.6 and later
- NetApp Aggregate Encryption (NAE)
- MetroCluster
- SVM root volume
- MDV_CRS volume (For MetroCluster)
Description
- When attempting to convert a data aggregate to NAE, the SVM root or MDV_CRS volume will not allow the conversion.
::> aggregate modify -aggregate aggr1 -encrypt-with-aggr-key true
Error: command failed: Failed to modify the aggregate "aggr1" since it contains non-encrypted volumes.
Run the "volume show -encrypt false" command to get the list of non-encrypted volumes.Convert all of them to NVE volumes and try again later.
- Starting with ONTAP 9.6, you can use aggregate-level encryption to assign keys to the containing aggregate for the volumes to be encrypted. Volumes you create in the aggregate are encrypted by default. You can override the default when you encrypt the volume.
- An aggregate enabled for aggregate-level encryption is called an NAE volume (for NetApp Aggregate Encryption). Plaintext volumes are not supported in NAE aggregates.