You are correct.
From the Power Guide:
An external KMS would defeat that purpose... NetApp Volume Encryption (NVE) is a software-based technology for encrypting data at rest one volume at a time. An encryption key accessible only to the storage system ensures that volume data cannot be read if the underlying device is repurposed, returned, misplaced, or stolen.
Both data, including Snapshot copies, and metadata are encrypted. Access to the data is given by a unique XTS-AES-256 key, one per volume. An Onboard Key Manager secures the keys on the same system with your data.
Based on this slide from the NetApp University and the following doc, it looks to me like NVE is OKM only. Anyone have any information to support otherwise?
(my screenshot of university slide was blocked due to size)
https://netapp.sabacloud.com/Saba/Web_spf/NA1PRD0047/common/leclassdetail/regdw000000003193830
On one of the slides here in the 9.1 new features document it says "Federal Internet processing standards 140...level 2 compliance, NSE systems and external KMIP server still required)"
I take that to have the unfortunate meaning that NVE cannot be used with an external key management server.
--Jordan
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters