跳转到主内容

禁用NAE时、使用-force-disable-encrypt-with -aggr-key是否安全?

Views:
7
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core<a>2009252685</a>
Last Updated:

适用场景

  • ONTAP 9
  • NetApp 聚合加密( NAE )
  • MetroCluster ( MCC )

问题解答

如果用户确定包含NAE卷的聚合没有聚合快照、则可以使用此参数在聚合上禁用NetApp聚合加密(NAE)。如果参数设置为true、则会跳过聚合快照检查并禁用NAE。

在MCC中、始终只有一个聚合快照、默认情况下每5分钟删除一次(可以检查聚合选项"resyncsnaptime"以确认时间参数)、并创建一个新快照。

将聚合从NAE转换为NVE时、必须确保任何聚合快照不再包含任何NAE卷中的块。因此、在完成最后一个卷的转换后、我们可以确保续订聚合快照后~5分钟、SyncMirror 聚合快照不再包含NAE卷块。

然后、在 -force-disable-encrypt-with-aggr-key true 从聚合中删除NAE时、我们可以安全地使用选项:

::> storage aggregate modify -aggregate aggregate_name -node node_name -force-disable-encrypt-with-aggr-key true

追加信息

附加信息 _text
NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.