# SW (NAE or NVE) encryption / HW encryption vs Storage Efficiency


visual sluice
#

My understanding is:
NAE can do cross-volume deduplication, not sure of compression or compaction.
NVE cannot do dedup, compression or compaction.

I was told that HW encryption can still maintain storage efficiency. But why? Which one happens first? If encryption happens before data is processed for efficiency, then how come encrypted data still can be deduped/compressed/compacted?

dim cosmos
#

With HW encryption (the SED and NSE drives), the drive itself is doing the encryption. ONTAP just holds the key.

With NAE/NVE, ONTAP is doing both, encrypting and locking it.

NAE allows for the cross-volume dedupe because it's more of a shared-key type config than encrypting the aggr itself.

NVE is a specific key to the volume, which keeps it isolated.

visual sluice
#

> With HW encryption (the SED and NSE drives), the drive itself is doing the encryption. ONTAP just holds the key.

Where and when did storage efficiency happen: before encryption or after the encryption?

dim cosmos
#

Think of it as "unlocking the box to store data while it's booting".

#

So if a drive is taken, it itself is encrypted.

limpid current
#

With hardware encryption:
Data->ONTAP->vol->Aggr->WAFL->RAID->disk (which is encrypted)

With NAE:
Data->ONTAP->vol->Aggr(all volumes on aggregate have SAME key, encryption happens here)->WAFL->RAID->disk

With NVE:
Data->ONTAP->vol(each volume has its own key, encryption happens here)->Aggr->WAFL->RAID->disk

With NAE, since all volumes share the same key, the cross volume efficiencies may happen.

With hardware encryption, all the cross-volume efficiencies happen before it reaches the disk/encryption layer.

Within NVE, each volume has a different key. ONTAP cannot do cross volume efficiencies when the volumes have their own individual key.

visual sluice
#

> With hardware encryption, all the cross volume efficiencies happen before it reaches the disk/encryption layer

So, with HW encryption, there will be no volume deduplication, compression or compaction. Correct?

> Within NVE, each volume has a different key. ONTAP cannot do cross volume efficiencies when the volumes have their own individual key.

With NVE, there will be no deduplication, compression or compaction, nor any storage efficiency. Correct?

hazy cloak
#

It won't be cross-volume.
Meaning if you have 2 volumes in one aggregate, they will not dedupe across them, but it can still be performed on a single volume.

#

Just for reference/example...
We had NAE enabled for one of our NAS systems and were using cross-volume dedupe, as a large portion of data was the same from one of our applications (one for reporting and the other for archive).
We had a really good dedupe rate with this.
However, one of our customers demanded they be put on their own aggregate and not have any shared keys.
Once we moved to NVE and had NAE disabled, that dedupe rate went flat, but we still had a decent one from NVE.

So, depending on how much data is shared across volumes, you may or may not lose anything.
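
An added illustration, not part of the thread and not NetApp code: a simplified Python model of the behaviour the replies above describe, where identical blocks can share one physical copy only inside the same key scope (per volume for NVE, per aggregate for NAE, and below the dedupe layer for HW encryption). The block size, function names, the single-aggregate assumption and the two sample volumes are all constructed for this example.

```python
import hashlib

BLOCK = 4096  # model block size (assumption for this example)

def key_scope(mode: str, volume: str) -> str:
    """Scope inside which two identical blocks may share one physical copy."""
    if mode == "NVE":            # each volume has its own key
        return f"volume:{volume}"
    if mode in ("NAE", "HW"):    # shared aggregate key, or drive encrypts below dedupe
        return "aggregate"
    raise ValueError(f"unknown mode: {mode}")

def logical_blocks(volumes: dict) -> int:
    """Blocks written by clients, before any deduplication."""
    return sum(-(-len(data) // BLOCK) for data in volumes.values())

def physical_blocks(mode: str, volumes: dict) -> int:
    """Blocks kept after deduplication, for volumes on one aggregate."""
    stored = set()
    for name, data in volumes.items():
        for off in range(0, len(data), BLOCK):
            fingerprint = hashlib.sha256(data[off:off + BLOCK]).hexdigest()
            # A duplicate is only dropped if it falls in the same key scope.
            stored.add((key_scope(mode, name), fingerprint))
    return len(stored)

def blk(tag: str) -> bytes:
    """Constructed 4 KiB block whose content is derived from a tag."""
    return hashlib.sha256(tag.encode()).digest() * (BLOCK // 32)

# Constructed sample: reporting and archive volumes holding mostly the same data.
shared = [blk(f"shared-{i}") for i in range(6)]
VOLUMES = {
    "reporting": b"".join(shared + [blk("rep-0"), blk("rep-0"), blk("rep-1")]),
    "archive": b"".join(shared + [blk("arc-0"), blk("arc-1")]),
}

if __name__ == "__main__":
    total = logical_blocks(VOLUMES)
    for mode in ("NVE", "NAE", "HW"):
        kept = physical_blocks(mode, VOLUMES)
        print(f"{mode}: {total} logical -> {kept} physical blocks")
```

In this model NVE still removes the duplicate inside the reporting volume, but only the aggregate-wide scopes collapse the six blocks the two volumes have in common.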