Pre-shutdown checks for onboard encryption keys - AFF A900
Prior to shutting down the impaired controller and checking the status of the onboard
encryption keys, you must check the status of the impaired controller, disable automatic
giveback, and check the version of ONTAP that is running.
If you have a cluster with more than two nodes, it must be in quorum. If the cluster is not in quorum or a healthy
controller shows false for eligibility and health, you must correct the issue before shutting down the impaired
controller; see the
Synchronize a node with the cluster.
Steps
1. Check the status of the impaired controller:
â—¦
If the impaired controller is at the login prompt, log in as
admin.
â—¦
If the impaired controller is at the LOADER prompt and is part of HA configuration, log in as
admin on
the healthy controller.
â—¦ If the impaired controller is in a standalone configuration and at LOADER prompt, contact
mysupport.netapp.com.
2. If AutoSupport is enabled, suppress automatic case creation by invoking an AutoSupport message:
system node autosupport invoke -node * -type all -message
MAINT=number_of_hours_downh
The following AutoSupport message suppresses automatic case creation for two hours: cluster1:*>
system node autosupport invoke -node * -type all -message MAINT=2h
3. Check the version of ONTAP the system is running on the impaired controller if up, or on the partner
controller if the impaired controller is down, using the
version -v command:
â—¦ If <lno-DARE> or <1Ono-DARE> is displayed in the command output, the system does not support
NVE, proceed to shut down the controller.
ONTAP 9.6 and later
Before shutting down the impaired controller, you need to verify whether the system has either NetApp Volume
Encryption (NVE) or NetApp Storage Encryption (NSE) enabled. If so, you need to verify the configuration.
1.
Verify whether NVE is in use for any volumes in the cluster:
volume show -is-encrypted true
If any volumes are listed in the output, NVE is configured and you need to verify the NVE configuration. If
no volumes are listed, check whether NSE is configured and in use.
2.
Verify whether NSE is configured and in use:
storage encryption disk show
â—¦ If the command output lists the drive details with Mode & Key ID information, NSE is configured and
you need to verify the NSE configuration and in use.
â—¦ If no disks are shown, NSE is not configured.
◦ If NVE and NSE are not configured, no drives are protected with NSE keys, it’s safe to shut down the
impaired controller.
Verify NVE configuration
1.
Display the key IDs of the authentication keys that are stored on the key management servers:
security
708
To Next Page
Loading...
Need help?
General
