Understanding StorageGRID Encryption Options ...

... or, what the heck do we do with these FIPS disks? 😉

I recently installed some StorageGRID SG6060 storage nodes, where the E2860 chassis came with FIPS disks (specifically SG6060,4U,2x1.6TB SSD,58x10TB FIPS). And it took me a while to work out how to utilize the FIPS disks. The answer is below.

Official NetApp documentation is here and covers extra options that are not listed below: Review StorageGRID encryption methods (netapp.com)

Option 1) Node Encryption in the StorageGRID Appliance Installer

This needs to be selected before install but has nothing to do with hardware encryption (disks.)


Option 2) Drive Encryption in the StorageGRID Appliance Installer

This needs to be selected before install but only encrypts the StorageGRID appliance disks (disks in the 1U compute node, it has nothing to do with SANtricity managed disks.)


Option 3) Drive Security in SANtricity System Manager <-- This is where we could utilize the FIPS disks

Would need to be managed for each E-Series array but could be enabled post StorageGRID Appliance installation.


Option 4) Storage Object Encryption in Grid Manager

This can be enabled/disabled at any time (but previously unencrypted objects will not be encrypted, encryption will only apply to new objects.)

Comments

  1. And then, there is also object storage-side encryption, and storage-side encryption with client-specified keys (SSE and SSE-C). See this page for a start of all options: https://docs.netapp.com/us-en/storagegrid-118/admin/reviewing-storagegrid-encryption-methods.html

    ReplyDelete
  2. And then there is also object storage-side encryption and storage-side encryption with customer-provided keys (SSE and SSE-C). See this page for more info: https://docs.netapp.com/us-en/storagegrid-118/admin/reviewing-storagegrid-encryption-methods.html

    ReplyDelete

Post a Comment