NSE How to unconfigure the external key management before upgrading to Data ONTAP 9.3 or later
Applies to
- NetApp Storage Encryption (NSE)
- Key Management Interoperability Protocol (KMIP)
- ONTAP 9.2 and earlier Upgrading to ONTAP 9.3 or later
Description
This article describes the procedure to upgrade a NSE system using an external key management (KMIP) server to ONTAP 9.3 or later.
- A new KMIP client has been released in the ONTAP 9.3 code (KMIP2).
- Keys that were created/stored using a KMIP1 client in pre-ONTAP 9.3 releases cannot be retrieved using the new KMIP2 client.
- For more information, see the ONTAP 9.3 Release Notes.
Page 25:
“Important: If you are upgrading to ONTAP 9.3 from a previous version, you must delete any existing KMIP server connections using the security key-manager delete-kmip-config command before upgrading, then reconfigure the KMIP server connections using the security key-manager
setup command after the upgrade is completed.”
- The following error message may be seen when upgrading a NSE system with external KMIP to ONTAP 9.3:
Error: External key management is configured on the cluster.
Please unconfigure the external key management before
upgrading to Data ONTAP 9.3.
To unconfigure, run the command:
"security key-manager delete-kmip-config"
ERROR: external keymanager check failed.
Install Failed.