跳转到主内容

是否可以调整NetApp卷加密转换/重新设置密钥的过程?

Views:
21
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

适用场景

  • NetApp 卷加密 (NetApp Volume Encryption, NVE)
  • ONTAP 9

问题解答

文章介绍了使用 volume encryption conversionvolume encryption rekey 命令将现有卷从未加密卷转换为已加密卷或重新设置现有加密卷密钥时的基本NetApp卷加密(NVE)问题。

是否可以更改每个节点可运行的卷转换作业数?
  • 无法调整NVE转换过程。 
  • 建议每个节点一次启动的转换作业不超过4个。
是否可以提高NVE转换作业的优先级?
  • 无法更改NVE转换过程的优先级。ONTAP 优先处理数据访问操作、而不是NVE进程。
  • 减少存储系统上的工作负载会增加转换作业的优先级。

注意: 建议每个节点的加密转换或加密卷移动总数不超过四次。
 
示例:

建议在一个节点上执行两个卷转换和两个卷加密操作、但不建议在一个节点上执行四个卷转换和四个卷加密操作。

追加信息

如果无法等待转换完成、请执行此过程以改用卷移动:

  1. 确保转换处于暂停状态

::>volume encryption conversion show 

::*> volume encryption conversion show
Vserver   Volume     Start Time       Status
---------- ------------ --------------------- -----------------------
NAS     test      3/29/2022 12:53:47   Paused by user

 

  1. 暂停后、使用"-encrypt-destination true"将卷移动到同一聚合或新目标

::*> vol move start -volume test -vserver NAS -destination-aggregate aggr1_urithiru_01 -encrypt-destination true

Warning: Volume encryption operation is already in progress on volume "test". Volume move will use the new key to encrypt
     the destination.
Do you want to continue? {y|n}: y
[Job 2829] Job is queued: Move "test" in Vserver "NAS" to aggregate "aggr1_urithiru_01". Use the "volume move show -vserver NAS -volume test" command to view the status of this operation.

 

  1. 移动完成后、观察移动表和转换表是否为空。 

::*> volume encryption conversion show
There is no volume encryption conversion in progress.

::*> vol move show
This table is currently empty.

  1. 最终结果是加密卷。 

::*> vol show test -fields encryption-state,encryption-type,key-id
vserver volume encryption-type encryption-state key-id                                     
------- ------ --------------- ---------------- --------------------------------------------------------------------------------
NAS    test   volume      full        000000000000000002000000000005005bd8884c3a197cedc9c1cf4975486e000000000000000000

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.