擦除具有SED驱动器的集群时、未事先解锁驱动器
适用场景
- ONTAP 9
- NetApp 存储加密( NSE )
- 自加密驱动器(SED)
- 全磁盘加密(FDE)
- NetApp板载密钥管理器(OKM)
- KMIP
问题描述
- 升级到包括change1412340在内的ONTAP 版本后
event log show
、会定期发出callhome.nse.ak.check.failed:EMERGENCY
事件:
[cluster01: statd: callhome.nse.ak.check.failed:EMERGENCY]: Call home for Authentication Key Check, disk "disk". Failed
- 既未配置OKM、也未配置外部KMIP:
cluster01::> security key-manager onboard show-backup
Error: show failed: The Onboard Key Manager is not configured for the admin Vserver. Use the "security key-manager onboard enable" command to configure the Onboard Key Manager.
cluster01::> security key-manager external show
No key management servers registered.
- SED驱动器分配的数据密钥ID不是0x0:
cluster01::> storage encryption disk show -fields data-key-id -disk 1.0.1
disk data-key-id
----- ----------------------------------------------------------------
1.0.1 000000000000000002000000000001234ABC46D7EF8901AB1234C56789123456