6

What are the commands to enable disk encryption on a NetApp NAS, can this be done per disk/array?

Lucas Kauffman
  • 16,818
  • 9
  • 57
  • 92

1 Answers1

2

You didn't give me much more information as some commands are specific to the type of nas you have but shot in the dark.

Manually enable the encryption on this replacement drive with the existing KeyID that is on the assigned storage controller, by running the following commands:

disk assign <disk_name>  

Assigns the replacement drive to the storage controller. Replace with the disk label name.

disk encrypt show   

Dis[lays the drives assigned to the storage controller and the current KeyID used on the Storage System. Write down the encryption KeyID to be used for the next command.

disk encrypt rekey <key_id> <disk_name>   

Rekeys the replacement drive with the controller’s current KeyID.

disk encrypt lock <disk_name> 

Locks the replacement drive and enables the storage encryption on the disk.

disk encrypt show  

Verify the replacement drive has the same KeyID as the other SEDs and that it is Locked.

Note: The drive has to be Locked to enable storage encryption on the drive.

Example:

nse2040cl1-rtp2> disk assign 0c.00.7
Thu Nov 10 20:19:15 EST [nse2040cl1-rtp2:diskown.changingOwner:info]: changing ownership for disk 0c.00.7 (S/N ***********) from unowned (ID *********) to nse2040cl1-rtp2 (ID 135113972)

nse2040cl1-rtp2> disk encrypt show
Disk       Key ID                                                            Locked?
0c.00.9    ****************************************************************  YES
0c.00.4    ****************************************************************  YES
0c.00.11   ****************************************************************  YES
0c.00.0    ****************************************************************  YES
0c.00.7    0x0                                                                No  <--Note that the KeyID is 0x0 and it is not Locked; a drive that is not locked is treated as a Cleartext unencrypted drive.

nse2040cl1-rtp2> disk encrypt rekey **************************************************************** 0c.00.7
0c.00.7 successful rekey.

nse2040cl1-rtp2> disk encrypt lock 0c.00.7  <--Locks and enables full disk encryption on the replacement drive.
0c.00.7 successful lock.

nse2040cl1-rtp2> disk encrypt show
Disk       Key ID                                                            Locked?
0c.00.9    ****************************************************************  YES
0c.00.4    ****************************************************************  YES
0c.00.11   ****************************************************************  YES
0c.00.0    ****************************************************************  YES
0c.00.7    ****************************************************************  YES <--Verify the drive has the same Encryption Key ID as the existing drives and verify the drive is LOCKED to enable encryption.
nse2040cl1-rtp2>
JMeterX
  • 3,387
  • 15
  • 31