Enabling NVE | NetApp | Page 1

wary stratus Jan 10, 2023, 9:14 AM

#

Hi all, just looking for some information, I'm trying to setup volume encryption on 1 of the new volumes I created. I completed the steps from: https://docs.netapp.com/us-en/ontap/encryption-at-rest/configure-netapp-volume-encryption-concept.html#understanding-nve
when I run: volume show -is-encrypted true; it shows the volume has been encrypted. But how can I tell if the data in this volume is encrypted?
Is there a way to enable volume access for specific group of people using the encryption key? to avoid unauthorized access

tacit yacht Jan 10, 2023, 9:24 AM

#

Have a read through this KB, from how you’ve described what you want, this doesn’t work as you think it does. https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/FAQ%3A_NetApp_Volume_Encryption_and_NetApp_Aggregate_Encryption

NetApp Knowledge Base

FAQ - NetApp Volume Encryption and NetApp Aggregate Encryption

NetApp Volume Encryption (NVE) is a software-based, data-at-rest encryption solution available starting with NetApp ONTAP 9.1 management software. NVE allows ONTAP to encrypt data and to have that …

#

The keys are used by ONTAP to protect the data at rest, there is a good diagram of the workflow at the second link in overview section

#

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_does_NVE_and_NAE_encrypt_data

NetApp Knowledge Base

How does NVE and NAE encrypt data?

wary stratus Jan 10, 2023, 9:30 AM

#

tacit yacht Have a read through this KB, from how you’ve described what you want, this doesn...

Thanks Jason, I have read through this and from what I understand, it encrypts the volume. I want to enable encryption on the volume where you can only view the data if you have the passphrase, which I understand is probably not possible

tacit yacht Jan 10, 2023, 9:31 AM

#

Yeah that’s not possible with these technologies

wary stratus Jan 10, 2023, 9:34 AM

#

tacit yacht Yeah that’s not possible with these technologies

Thanks Jason, I will have another think around 🙂

tacit yacht Jan 10, 2023, 9:40 AM

#

It’s not something I’ve done before but perhaps someone else here has some suggestions

wary stratus Jan 10, 2023, 10:08 AM

#

Happy for others to make any suggestions if anyone has any 😃

wary stratus Jan 10, 2023, 1:35 PM

#

Additional question, does anyone know how to disable NVE for FlexGroup volumes?
I tried:
volume move start -vserver Data -volume EncryptDrive__0001 -destination-aggregate aggr_1 -encrypt-destination false

but get the error: Changing the encryption behavior is not allowed for FlexGroup constituents.

tacit yacht Jan 10, 2023, 2:45 PM

#

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Remove_Encryption_for_a_FlexGroup

NetApp Knowledge Base

Remove Encryption for a FlexGroup

#

Are you running that from diag mode?

wary stratus Jan 10, 2023, 2:55 PM

#

ahhh got it, thanks its working from diag mode

tacit yacht Jan 10, 2023, 3:02 PM

#

No worries, constituents are only available in diag so you have to do it there

#Enabling NVE