What are the commands to enable disk encryption on a NetApp NAS, can this be done per disk/array?
-
1Lucas I have the guide which will be easier than listing out commands but don't have a good way to upload it for you, let me try and see if I can toss it up on dropbox. – JMeterX Aug 17 '12 at 12:56
-
What NAS are you using and OS for the NAS? – JMeterX Aug 30 '12 at 20:44
-
1jMeterX, share? :) – CMag Sep 13 '12 at 05:20
1 Answers
You didn't give me much more information as some commands are specific to the type of nas you have but shot in the dark.
Manually enable the encryption on this replacement drive with the existing KeyID that is on the assigned storage controller, by running the following commands:
disk assign <disk_name>
Assigns the replacement drive to the storage controller. Replace with the disk label name.
disk encrypt show
Dis[lays the drives assigned to the storage controller and the current KeyID used on the Storage System. Write down the encryption KeyID to be used for the next command.
disk encrypt rekey <key_id> <disk_name>
Rekeys the replacement drive with the controller’s current KeyID.
disk encrypt lock <disk_name>
Locks the replacement drive and enables the storage encryption on the disk.
disk encrypt show
Verify the replacement drive has the same KeyID as the other SEDs and that it is Locked.
Note: The drive has to be Locked to enable storage encryption on the drive.
Example:
nse2040cl1-rtp2> disk assign 0c.00.7
Thu Nov 10 20:19:15 EST [nse2040cl1-rtp2:diskown.changingOwner:info]: changing ownership for disk 0c.00.7 (S/N ***********) from unowned (ID *********) to nse2040cl1-rtp2 (ID 135113972)
nse2040cl1-rtp2> disk encrypt show
Disk Key ID Locked?
0c.00.9 **************************************************************** YES
0c.00.4 **************************************************************** YES
0c.00.11 **************************************************************** YES
0c.00.0 **************************************************************** YES
0c.00.7 0x0 No <--Note that the KeyID is 0x0 and it is not Locked; a drive that is not locked is treated as a Cleartext unencrypted drive.
nse2040cl1-rtp2> disk encrypt rekey **************************************************************** 0c.00.7
0c.00.7 successful rekey.
nse2040cl1-rtp2> disk encrypt lock 0c.00.7 <--Locks and enables full disk encryption on the replacement drive.
0c.00.7 successful lock.
nse2040cl1-rtp2> disk encrypt show
Disk Key ID Locked?
0c.00.9 **************************************************************** YES
0c.00.4 **************************************************************** YES
0c.00.11 **************************************************************** YES
0c.00.0 **************************************************************** YES
0c.00.7 **************************************************************** YES <--Verify the drive has the same Encryption Key ID as the existing drives and verify the drive is LOCKED to enable encryption.
nse2040cl1-rtp2>
- 3,387
- 15
- 31