Encrypting volumes with NetApp Volume Encryption Edit on GitHub Request doc changes

Contributors netapp-bcammett

NetApp Volume Encryption (NVE) is a software-based technology for encrypting data at rest one volume at a time. Data, Snapshot copies, and metadata are encrypted. Access to the data is given by a unique XTS-AES-256 key, one per volume.

About this task
  • Starting with Cloud Manager 3.7.1, a NetApp Volume Encryption license is automatically installed on each Cloud Volumes ONTAP system that is registered with NetApp Support.

  • At this time, Cloud Volumes ONTAP supports NetApp Volume Encryption with an external key management server. An Onboard Key Manager is not supported.

  • You need to set up NetApp Volume Encryption from the ONTAP CLI.

    You can then use either the CLI or System Manager to enable encryption on specific volumes. Cloud Manager does not support NetApp Volume Encryption from its user interface and from its APIs.

Steps
  1. Review the list of supported key managers in the NetApp Interoperability Matrix Tool.

    Search for the Key Managers solution.
  2. Connect to the Cloud Volumes ONTAP CLI.

  3. Install SSL certificates and connect to the external key management servers.

  4. Create a new encrypted volume or convert an existing unencrypted volume using either the CLI or System Manager.