#Encryption volume status in AIQUM 9.14

Hi all,
Strange messages ActiveIQ unified manager 9.14 after adding a few systems including a MC-IP.
It states some volumes have hardware encryption and some don't.
Encryption is not yet enabled.
Any ideas?
Thanks!

Some of your systems are using NSE disk so you need to rekey the disks. Simply click the button in System Manager.
Sometimes that doesn't work so you need to do it via CLI.

Check the NSE keys:

security key-manager key query -key-type NSE-AK

Then add one of the two keys to your disks (doesn't matter which one):

storage encryption disk modify -disk [disk] -data-key-id [key-id]

for symmetry, I would encrypt the disks from one cluster (both pool 0 and pool 1) with one key, and the disks from the other cluster with the other key. But that's just personal OCD, as OG1 said you can use any key as they are shared/synced within the MetroCluster anyway 🙂

Alright, will have a look.
But why is it reported this way. All volumes are created the same way.

it's not about the volumes. it's about the disks. They are self-encrypting drives (SED) but to actually have them encrypted you have to set up the key manager and then lock the disks with a key. This is not done by default.
P.S: make absolutely sure you have the OKM backup and the passphrase stored safely outside the NetApp system 😉

I understand who it works and is configured. But AIQUM reporting some volumes as hardware encrypted and some as none is just confusing for customers.

Without knowing your config, my guess would be that the volumes are on different aggregates and one happens to be on disks that are correctly rekeyed, while the other isn't?

Nope, all on the same node and aggregate. It is a new setup. Encryption not yet enabled

hm. sounds to me like a bug then 🤷‍♂️