Hi Stephen,
yes, NVE is a purely software-defined encryption on a per Volume basis, also supported on ONTAP Select for example.
From what I understand it doesn’t matter if one HA pair in the cluster is capable of NVE, the others can still use NVE on their Volumes.
You just cannot move an encrypted Volume to a non-capable HA-pair without explicitly specifying the “-encrypt-destination false” option in the vol move command (which then moves it over unencrypted).
Best regards Marcel ________________________________ [cid:image001.png@01D0EFA1.22C05EB0]
Marcel D. Juhnke - Senior Storage Analyst EALA IS Delivery Center - ASG Accenture Services GmbH Graf-Stauffenberg-Str. 6 - D-95030 Hof / Germany Phone: +49 (9281) 925 2877 Mobile: +49 (175) 57 60019 Mail / Skype for Business: marcel.juhnke@accenture.commailto:marcel.juhnke@accenture.com
[NCDA] [NCIE]
Sitz: Kronberg. Registergericht: Königstein im Taunus, HRB 5967. Geschäftsführer: Marcus Huth, Frank Mang, Stefan Smolka, Michael Sturm. --- Confidential ---
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Stephen Stocke Sent: Mittwoch, 25. Januar 2017 23:45 To: Parisi, Justin Justin.Parisi@netapp.com Cc: toasters@teaparty.net Subject: Re: Volume Encryption Hardware
Thanks Tim and Justin for your replies.
I'm also wondering if you can mix NVE and non-NVE capable hardware in the same cluster and still license and use the feature? (On volumes hosted on the NVE capable HA pair). The NSE documentation has a statement about heterogeneous clusters but I can't find one regarding NVE. Specifically, I'd like to scale-out an existing FAS2552 switched cluster with a FAS2650 HA pair. In that scenario, can we use NVE for volumes on the FAS2650 aggregates?
On 25 January 2017 at 21:41, Parisi, Justin <Justin.Parisi@netapp.commailto:Justin.Parisi@netapp.com> wrote: In general, the hardware requirement is a platform that has processors that are AES-NI capable to do the encryption offloading to offset performance. All new platforms will have that, for the most part.
From: toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.netmailto:toasters-bounces@teaparty.net] On Behalf Of Tim Stiller Sent: Wednesday, January 25, 2017 12:51 PM To: Stephen Stocke <scstocke@gmail.commailto:scstocke@gmail.com>; toasters@teaparty.netmailto:toasters@teaparty.net Subject: Re: Volume Encryption Hardware
Hi Stephen, a complete list of supported platforms for NVE is available here:
http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-nve%2FG...https://urldefense.proofpoint.com/v2/url?u=http-3A__docs.netapp.com_ontap-2D9_index.jsp-3Ftopic-3D-252Fcom.netapp.doc.pow-2Dnve-252FGUID-2DEAD13D8E-2D0219-2D45B6-2DA2C6-2DB25B76C9CA1A.html&d=DgMFaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=GcNS7tdzbD9kRwYidanFzqYRAZE92rxZs2pwJh45DL0&m=MLSNbF1-Npiroiyi7uUdrGB_iGMK85QgupvCbk2x_cQ&s=gyvscEK2voj9V3aFXUxTc1dAq6tA5xj4lf-5JTGHFB4&e= best regards, Tim
Stephen Stocke <scstocke@gmail.commailto:scstocke@gmail.com> schrieb am Mi., 25. Jan. 2017 um 18:38 Uhr: Hello
I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature. I've checked HWU and can't see anything that shows NVE compatibility. I've also tried IMT but I've never been able to get along with that tool.
Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.
I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.
Any pointers to the right docs would be greatly appreciated!
Kind regards Steve _______________________________________________ Toasters mailing list Toasters@teaparty.netmailto:Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toastershttps://urldefense.proofpoint.com/v2/url?u=http-3A__www.teaparty.net_mailman_listinfo_toasters&d=DgMFaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=GcNS7tdzbD9kRwYidanFzqYRAZE92rxZs2pwJh45DL0&m=MLSNbF1-Npiroiyi7uUdrGB_iGMK85QgupvCbk2x_cQ&s=KH6iAjzYtzhiZaSPffBUzhScYr2IVpJjextDEry7OCg&e=
________________________________
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
