How to configure OKM for NVE and where to obtain the encryption keys
Applies to
- ONTAP 9
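- NetApp Volume Encryption (NVE)
- Onboard Key Manager (OKM)
Answer
The Onboard Key Manager is a built-in tool that serves authentication keys to nodes from the same storage system as the data. With OKM, you do not need an external key manager to generate encryption keys. The keys are generated automatically; you only need to run "security key-manager onboard enable".
Step 1:
Run the security key-manager onboard enable command
cluster2::> security key-manager onboard enable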
Enter the cluster-wide passphrase for the Onboard Key Manager:
Re-enter the cluster-wide passphrase:
After configuring the Onboard Key Manager, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation. To view the data, use the "security key-manager onboard show-backup" command.
The onboard passphrase MUST be 32 to 256 ASCII-range characters long.
Step 2:
Check the keys
cluster2::> security key-manager key query -node cluster2-01
Node: cluster2-01
Vserver: cluster2
Key Manager: onboard
Key Manager Type: OKM
Key Tag                               Key Type  Restored
------------------------------------  --------  --------
cluster2-01                           NSE-AK    true
    Key ID: 000000000000000002000000000001006a4cdad760624da1f32a58fe1e6c986f0000000000000000
cluster2-01                           NSE-AK    true
    Key ID: 000000000000000002000000000001009426182227410fcf2aba4988886a80b00000000000000000
2 entries were displayed.
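
A check that can follow Step 2, as an added example that is not part of the original article and is not NetApp code: it parses saved "security key-manager key query" output and reports any key whose Restored column is not true or whose key manager type is not OKM. The sample text, the cluster2-02 block, the "false" value and the function names are assumptions.

```python
import re

# Constructed sample in the layout of the key query output above; key IDs are
# placeholders, and the cluster2-02 block with "false" is an assumption.
SAMPLE = """\
Node: cluster2-01
Vserver: cluster2
Key Manager: onboard
Key Manager Type: OKM
Key Tag                               Key Type  Restored
------------------------------------  --------  --------
cluster2-01                           NSE-AK    true
    Key ID: 0000aaaa
cluster2-01                           NSE-AK    true
    Key ID: 0000bbbb
Node: cluster2-02
Key Manager Type: OKM
cluster2-02                           NSE-AK    false
    Key ID: 0000cccc
"""

HEADER = re.compile(r"^(Node|Vserver|Key Manager|Key Manager Type):\s*(\S+)\s*$")
ENTRY = re.compile(r"^(\S+)\s+(\S+)\s+(true|false)\s*$")
KEY_ID = re.compile(r"^Key ID:\s*(\S+)\s*$")

def parse_key_query(text):
    """Return one dict per key entry, tagged with its node-level header fields."""
    ctx, keys = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            if m.group(1) == "Node":  # a new per-node block resets the context
                ctx = {}
            ctx[m.group(1)] = m.group(2)
        elif (m := KEY_ID.match(line)) and keys:
            keys[-1]["key_id"] = m.group(1)  # Key ID line belongs to the entry above it
        elif m := ENTRY.match(line):
            keys.append({**ctx, "tag": m.group(1), "type": m.group(2),
                         "restored": m.group(3) == "true", "key_id": None})
    return keys

def problems(keys, expect_type="OKM"):
    """Findings a post-enable check should surface."""
    out = [] if keys else ["no keys listed"]
    for k in keys:
        where = f"{k.get('Node')}/{k['key_id']}"
        if not k["restored"]:
            out.append(f"{where}: not restored")
        if k.get("Key Manager Type") != expect_type:
            out.append(f"{where}: unexpected key manager type")
    return out
```

Calling problems(parse_key_query(text)) on captured output returns an empty list when every listed key is restored and served by OKM.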