Restore OKM, NSE, and NVE as needed - AFF A200
Once environment variables are checked, you must complete steps specific to systems
that have Onboard Key Manager (OKM), NetApp Storage Encryption (NSE) or NetApp
Volume Encryption (NVE) enabled.
Determine which section you should use to restore your OKM, NSE, or NVE configurations:
If NSE or NVE are enabled along with Onboard Key Manager you must restore settings you captured at the
beginning of this procedure.
• If NSE or NVE are enabled and Onboard Key Manager is enabled, go to
Option 1: Restore NVE or NSE
when Onboard Key Manager is enabled
.
• If NSE or NVE are enabled for ONATP 9.5, go to
Option 2: Restore NSE/NVE on systems running ONTAP
9.5 and earlier
.
• If NSE or NVE are enabled for ONTAP 9.6, go to
Option 3: Restore NSE/NVE on systems running ONTAP
9.6 and later
.
Option 1: Restore NVE or NSE when Onboard Key Manager is enabled
Steps
1. Connect the console cable to the target node.
2.
Use the
boot_ontap command at the LOADER prompt to boot the node.
3. Check the console output:
If the console
displays…
Then…
The LOADER prompt
Boot the node to the boot menu: boot_ontap menu
Waiting for giveback… a.
Enter
Ctrl-C at the prompt
b. At the message: Do you wish to halt this node rather than wait [y/n]? ,
enter:
y
c.
At the LOADER prompt, enter the
boot_ontap menu command.
4.
At the Boot Menu, enter the hidden command,
recover_onboard_keymanager and reply y at the
prompt
5. Enter the passphrase for the onboard key manager you obtained from the customer at the beginning of this
procedure.
6. When prompted to enter the backup data, paste the backup data you captured at the beginning of this
procedure, when asked. Paste the output of
security key-manager backup show OR security
key-manager onboard show-backup
command
The data is output from either security key-manager backup show or security
key-manager onboard show-backup
command.
Example of backup data:
16
To Next Page
Loading...
Need help?
General
