跳转到主内容

是否可以调整NetApp卷加密转换/重新设置密钥过程?

Views:
24
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

适用场景

  • NetApp卷 加密(NVE)
  • ONTAP 9

问题解答

文章介绍了使用volume encryption conversionvolume encryption rekey 命令将现有卷从未加密卷转换为已加密卷或重新设置现有加密卷密钥时的基本NetApp卷加密(NVE)问题。

是否可以更改每个节点可以运行的卷转换作业数量?
  • 无法调整NVE转换过程。
  • 建议每个节点一次最多启动4个转换作业。
是否有办法提高NVE转换作业的优先级?
  • 无法更改NVE转换过程的优先级。ONTAP将数据访问操作的优先级置于NVE进程之上。
  • 减少存储系统上的工作负载会提高转换作业的优先级。

注意:建议每个节点同时执行的组合加密转换或加密卷移动不超过四次。
 
示例:

建议在一个节点上进行两次卷转换和两次卷加密移动、但 不建议在一个节点上进行四次卷转换和四次卷加密移动。

追加信息

如果您不能等待转换完成、请执行此过程以改用卷移动:

  1. 确保转换处于暂停状态

::>volume encryption conversion show 

::*> volume encryption conversion show
Vserver   Volume     Start Time       Status
---------- ------------ --------------------- -----------------------
NAS     test      3/29/2022 12:53:47   Paused by user

 

  1. 暂停后、使用"-encrypt-destination true "将卷移动到同一聚合或新目标

::*> vol move start -volume test -vserver NAS -destination-aggregate aggr1 -encrypt-destination true

Warning: Volume encryption operation is already in progress on volume "test". Volume move will use the new key to encrypt
     the destination.
Do you want to continue? {y|n}: y
[Job 2829] Job is queued: Move "test" in Vserver "NAS" to aggregate "aggr1". Use the "volume move show -vserver NAS -volume test" command to view the status of this operation.

 

  1. 移动完成后、请观察移动表和转换表是否为空。 

::*> volume encryption conversion show
There is no volume encryption conversion in progress.

::*> vol move show
This table is currently empty.

  1. 最终结果是卷已加密。 

::*> vol show test -fields encryption-state,encryption-type,key-id
vserver volume encryption-type encryption-state key-id                                     
------- ------ --------------- ---------------- --------------------------------------------------------------------------------
NAS    test   volume      full        000000000000000002000000000005005bd8884c3a197cedc9c1cf4975486e000000000000000000

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.