
How to configure OKM for NVE and where to obtain the encryption keys


Applies to

  • ONTAP 9
  • NetApp Volume Encryption (NVE)
  • Onboard Key Manager (OKM)

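Answer

The Onboard Key Manager is a built-in tool that provides authentication keys to nodes from the same storage system as the data. When you use OKM, you do not need an external key manager to generate encryption keys; the keys are generated automatically. Simply run "security key-manager onboard enable".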


Step 1:
 
Run the security key-manager onboard enable command

cluster2::> security key-manager onboard enable

Enter the cluster-wide passphrase for the Onboard Key Manager:

Re-enter the cluster-wide passphrase:
After configuring the Onboard Key Manager, save the encrypted configuration data in a safe location so that you can use it if you need to perform a manual recovery operation. To view the data, use the "security key-manager onboard show-backup" command.

The onboard passphrase MUST be 32 to 256 ASCII-range characters long.


Step 2:
 
Check the keys

cluster2::> security key-manager key query -node cluster2-01

Node: cluster2-01
Vserver: cluster2
Key Manager: onboard
Key Manager Type: OKM

Key Tag                               Key Type  Restored
------------------------------------  --------  --------
cluster2-01                           NSE-AK    true
Key ID: 000000000000000002000000000001006a4cdad760624da1f32a58fe1e6c986f0000000000000000
cluster2-01                           NSE-AK    true
Key ID: 000000000000000002000000000001009426182227410fcf2aba4988886a80b00000000000000000
2 entries were displayed.
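
A check for the Step 2 output, as an added example that is not part of the original article or NetApp tooling: it parses saved "security key-manager key query" output and flags any key whose Restored column is not true. The sample text is constructed (placeholder Key IDs), and treating a non-true Restored value as needing follow-up is an assumption of this example.

```python
import re

# Constructed sample modelled on the Step 2 output; Key IDs are placeholders.
SAMPLE = """\
Node: cluster2-01
Vserver: cluster2
Key Manager: onboard
Key Manager Type: OKM

Key Tag                               Key Type  Restored
------------------------------------  --------  --------
cluster2-01                           NSE-AK    true
Key ID: EXAMPLE-KEY-ID-1
cluster2-01                           NSE-AK    false
Key ID: EXAMPLE-KEY-ID-2
2 entries were displayed.
"""

# A key row is exactly three columns: tag, type, restored flag.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(true|false|yes|no)\s*$", re.IGNORECASE)

def parse_key_query(text):
    """Return one dict per key row: node, tag, type, restored, key_id."""
    node, keys = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Node:"):
            node = line.split(":", 1)[1].strip()
        elif line.startswith("Key ID:") and keys:
            keys[-1]["key_id"] = line.split(":", 1)[1].strip()
        else:
            m = ROW.match(line)
            if m:
                keys.append({"node": node, "tag": m.group(1), "type": m.group(2),
                             "restored": m.group(3).lower() in ("true", "yes"),
                             "key_id": None})
    return keys

def check(text):
    """Return (ok, problems, keys); also compare the footer count with rows parsed."""
    keys = parse_key_query(text)
    problems = [f"{k['node']}: key {k['key_id']} not restored"
                for k in keys if not k["restored"]]
    m = re.search(r"^(\d+) entr(?:y was|ies were) displayed", text, re.MULTILINE)
    if m and int(m.group(1)) != len(keys):
        problems.append(f"parsed {len(keys)} rows, footer says {m.group(1)}")
    if not keys:
        problems.append("no keys found")
    return (not problems, problems, keys)
```
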

 