Question: Do you need a Trusted Platform Module (TPM) license key to enable NetApp Volume Encryption?
Answer: No. TPM is not required for NVE.
It’s easy to prove this. I have an ONTAP 9.5 system which only has the VE (Volume Encryption Key).
cluster1::> license show -package TPM,VE

Owner: cluster1-01
Package Type     Description
------- -------- ---------------------
VE      license  Volume Encryption License

Owner: cluster1-02
Package Type     Description
------- -------- ---------------------
VE      license  Volume Encryption License
And I created an NVE-enabled volume without issue:
cluster1::> volume create -vserver SVM1 -aggregate cluster1_01_SSD_1 -volume NVE_TESTVOL -size 10G -encrypt true
[Job 183] Job succeeded: Successful
And view the encryption status and key:
cluster1::> volume show -encrypt true -fields encrypt,encryption-state,key-id
vserver volume      encrypt encryption-state key-id
------- ----------- ------- ---------------- --------------------------------------------------------------------------------
SVM1    NVE_TESTVOL true    full             0000000000000000020000000000050072c1f19f51ae07aacfb40ee8ca9a2f2e0000000000000000
Image: Proving NVE without TPM
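An added example, not from the original post: a Python check that parses `volume show -fields encrypt,encryption-state,key-id` output (the command above, without the `-encrypt true` filter) and reports volumes that are not fully encrypted, rejoining a key-id that has wrapped onto its own line. The second sample row and its `none` and `-` values are constructed assumptions about how an unencrypted volume is displayed.

```python
import re

# Constructed capture. Row 1 is the output shown on this page, with the key-id
# wrapped as a terminal would. Row 2 is invented; its "none" and "-" values are
# assumptions about how an unencrypted volume is displayed.
SAMPLE = """\
cluster1::> volume show -fields encrypt,encryption-state,key-id
vserver volume      encrypt encryption-state key-id
------- ----------- ------- ---------------- ------
SVM1    NVE_TESTVOL true    full
0000000000000000020000000000050072c1f19f51ae07aacfb40ee8ca9a2f2e0000000000000000
SVM1    PLAIN_VOL   false   none             -
"""

FIELDS = ("vserver", "volume", "encrypt", "encryption-state", "key-id")


def parse_volume_show(text):
    """Return one dict per volume, rejoining rows split across lines."""
    tokens = []
    for line in text.splitlines():
        words = line.split()
        if not words or "::>" in line:
            continue  # blank line or echoed prompt
        if words == list(FIELDS) or all(set(w) == {"-"} and len(w) > 1 for w in words):
            continue  # column header or dashed separator
        tokens.extend(words)
    step = len(FIELDS)
    if len(tokens) % step:
        raise ValueError("unexpected field count; output truncated?")
    return [dict(zip(FIELDS, tokens[i:i + step])) for i in range(0, len(tokens), step)]


def audit(rows):
    """Return (vserver:volume, reason) for every volume not fully encrypted."""
    findings = []
    for r in rows:
        name = f"{r['vserver']}:{r['volume']}"
        if r["encrypt"] != "true":
            findings.append((name, "encrypt is " + r["encrypt"]))
        elif r["encryption-state"] != "full":
            findings.append((name, "encryption-state is " + r["encryption-state"]))
        elif not re.fullmatch(r"[0-9a-f]{16,}", r["key-id"]):
            findings.append((name, "no usable key-id"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_volume_show(SAMPLE)):
        print(f"{name}: {reason}")
```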
Further Information
NetApp Volume Encryption, The Nitty Gritty
TRUSTED PLATFORM MODULE (TPM) SUPPORTED PLATFORMS
Only these and newer ONTAP platforms have TPM modules integrated:
AFF A200, AFF A300, AFF A700, AFF A700s, FAS2620, FAS2650, FAS8200, FAS9000
In hwu.netapp.com you’ll see some of the older platforms without the TPM module do support NVE. Also, check out the KB below: