3. Check the version of ONTAP the system is running on the impaired controller if up, or on the partner
controller if the impaired controller is down, using the
version -v command:
◦ If <lno-DARE> or <1Ono-DARE> is displayed in the command output, the system does not
support NVE, proceed to shut down the controller.
◦ If <lno-DARE> is not displayed in the command output, and the system is running ONTAP 9.6 or
later, go to the next section.
4. If the impaired controller is part of an HA configuration, disable automatic giveback from the healthy
controller:
storage failover modify -node local -auto-giveback false or storage
failover modify -node local -auto-giveback-after-panic false
== Check NVE or NSE on systems running ONTAP 9.6 and later
:icons: font
:relative_path: ./asa-c-400/
:imagesdir: /tmp/d20231020-12297-25s5m0/source/./asa-c-250/../media/
Before shutting down the impaired controller, you need to verify whether the system has either NetApp
Volume Encryption (NVE) or NetApp Storage Encryption (NSE) enabled. If so, you need to verify the
configuration.
1.
Verify whether NVE is in use for any volumes in the cluster:
volume show -is-encrypted true
If any volumes are listed in the output, NVE is configured and you need to verify the NVE
configuration. If no volumes are listed, check whether NSE is configured and in use.
2.
Verify whether NSE is configured and in use:
storage encryption disk show
◦ If the command output lists the drive details with Mode & Key ID information, NSE is configured
and you need to verify the NSE configuration and in use.
◦ If no disks are shown, NSE is not configured.
◦ If NVE and NSE are not configured, no drives are protected with NSE keys, it’s safe to shut down
the impaired controller.
== Verify NVE configuration
1. Display the key IDs of the authentication keys that are stored on the key management servers:
security key-manager key query
After the ONTAP 9.6 release, you may have additional key manager types. The types
are
KMIP, AKV, and GCP. The process for confirming these types is the same as
confirming
external or onboard key manager types.
◦
If the
Key Manager type displays external and the Restored column displays yes, it’s safe
to shut down the impaired controller.
◦
If the
Key Manager type displays onboard and the Restored column displays yes, you need
to complete some additional steps.
◦
If the
Key Manager type displays external and the Restored column displays anything other
than
yes, you need to complete some additional steps.
◦
If the
Key Manager type displays onboard and the Restored column displays anything other
than
yes, you need to complete some additional steps.
111
To Next Page
Loading...
