Sunday, 11 November 2018

Researches on NVE (NetApp Volume Encryption)

I needed to quickly swot up on NetApp Volume Encryption (NVE), hence I compiled a few links I found/thought useful. NVE has been out since late 2016 now. It’s simple (after less than 2 hours swotting, I felt I knew everything I needed to know.) Here are the links with a few notes.
Note: Some of these links require you to have already logged into the relevant website.

(2016.09.26) Behind the Scenes: Episode 59 – NetApp Volume Encryption
NVE is available in ONTAP 9.1
Previously, to encrypt data at rest on ONTAP systems (with NSE), it was an all or nothing deal.
ONTAP 9 introduced the ability to do an on-box key management (for NSE).
With NVE you can encrypt data at a per-volume level.
NVE leverages the AES-NI capabilities on CPU, so there are hardware restrictions.
Supported platforms include:
- FAS 6280 and 6290
- FAS 8xxx
- And all the newest released platforms (A series, FAS9xxx, etc)

ONTAP 9 Documentation Center
Configuring NetApp Volume Encryption
Enabling encryption on a new volume
Starting with ONTAP 9.2, you can enable encryption on a SnapLock volume.
Enabling encryption on an existing volume with the volume encryption conversion start command
Starting with ONTAP 9.3, you can use the volume encryption conversion start command to enable encryption on an existing volume.
Enabling encryption on an existing volume with the volume move start command
(The only method in ONTAP 9.1 and ONTAP 9.2.)

(VIDEO) NetApp Volume Encryption (NVE)
Setting up the key manager. Encrypting an existing volume and creating a new volume.

(2018.01.09) Worry Less in the New Year with NetApp Volume Encryption
Article by Jeff Baxter (Chief Evangelist for NetApp’s ONTAP Software & Systems Group.)

Docs & Knowledgebase > GPS > NetApp Volume Encryption (NVE)
Useful links including:
Services Partners: What are the Licensing details for NetApp Volume Encryption (NVE)?

(PDF Manual) NetApp Encryption Power Guide - ONTAP 9

(PDF Datasheet) NetApp Volume Encryption

Hardware Universe
If you need to check if platform can do NVE.

Technical FAQ - NetApp Volume Encryption
Arguably the most useful document but it is only available to NetApp Personnel and Partners. It answered a specific question I was interested in:
Q: Can my source volume be encrypted and my SnapMirror target be unencrypted, or conversely?
A: Yes. The source volume and destination volume can have different encryption settings.
Note: The published NVE datasheet contains many of details covered in this technical FAQ.

No comments:

Post a Comment