Volume Encryption Hardware

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Volume Encryption Hardware

Stephen Stocke-3
Hello

I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature.  I've checked HWU and can't see anything that shows NVE compatibility.  I've also tried IMT but I've never been able to get along with that tool.

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.

Any pointers to the right docs would be greatly appreciated!

Kind regards
Steve

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: Volume Encryption Hardware

Tim Stiller
best regards,
Tim

Stephen Stocke <[hidden email]> schrieb am Mi., 25. Jan. 2017 um 18:38 Uhr:
Hello

I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature.  I've checked HWU and can't see anything that shows NVE compatibility.  I've also tried IMT but I've never been able to get along with that tool.

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.

Any pointers to the right docs would be greatly appreciated!

Kind regards
Steve
_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

RE: Volume Encryption Hardware

Parisi, Justin

In general, the hardware requirement is a platform that has processors that are AES-NI capable to do the encryption offloading to offset performance. All new platforms will have that, for the most part.

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim Stiller
Sent: Wednesday, January 25, 2017 12:51 PM
To: Stephen Stocke <[hidden email]>; [hidden email]
Subject: Re: Volume Encryption Hardware

 

best regards,

Tim

 

Stephen Stocke <[hidden email]> schrieb am Mi., 25. Jan. 2017 um 18:38 Uhr:

Hello

 

I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature.  I've checked HWU and can't see anything that shows NVE compatibility.  I've also tried IMT but I've never been able to get along with that tool.

 

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.

 

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.

 

Any pointers to the right docs would be greatly appreciated!

 

Kind regards

Steve

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: Volume Encryption Hardware

jordan slingerland-2
In reply to this post by Stephen Stocke-3
At the least I assume you would want a processor that supports aes-ni . I beleive that is sandy bridge and higher 

On Jan 25, 2017 12:38 PM, "Stephen Stocke" <[hidden email]> wrote:
Hello

I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature.  I've checked HWU and can't see anything that shows NVE compatibility.  I've also tried IMT but I've never been able to get along with that tool.

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.

Any pointers to the right docs would be greatly appreciated!

Kind regards
Steve

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: Volume Encryption Hardware

Stephen Stocke-3
In reply to this post by Parisi, Justin
Thanks Tim and Justin for your replies.

I'm also wondering if you can mix NVE and non-NVE capable hardware in the same cluster and still license and use the feature?  (On volumes hosted on the NVE capable HA pair).  The NSE documentation has a statement about heterogeneous clusters but I can't find one regarding NVE.  Specifically, I'd like to scale-out an existing FAS2552 switched cluster with a FAS2650 HA pair.  In that scenario, can we use NVE for volumes on the FAS2650 aggregates?


On 25 January 2017 at 21:41, Parisi, Justin <[hidden email]> wrote:

In general, the hardware requirement is a platform that has processors that are AES-NI capable to do the encryption offloading to offset performance. All new platforms will have that, for the most part.

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim Stiller
Sent: Wednesday, January 25, 2017 12:51 PM
To: Stephen Stocke <[hidden email]>; [hidden email]
Subject: Re: Volume Encryption Hardware

 

best regards,

Tim

 

Stephen Stocke <[hidden email]> schrieb am Mi., 25. Jan. 2017 um 18:38 Uhr:

Hello

 

I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature.  I've checked HWU and can't see anything that shows NVE compatibility.  I've also tried IMT but I've never been able to get along with that tool.

 

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.

 

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.

 

Any pointers to the right docs would be greatly appreciated!

 

Kind regards

Steve

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters



_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

RE: Volume Encryption Hardware

marcel.juhnke

Hi Stephen,

 

yes, NVE is a purely software-defined encryption on a per Volume basis, also supported on ONTAP Select for example.

 

From what I understand it doesn’t matter if one HA pair in the cluster is capable of NVE, the others can still use NVE on their Volumes.

 

You just cannot move an encrypted Volume to a non-capable HA-pair without explicitly specifying the “-encrypt-destination false” option in the vol move command (which then moves it over unencrypted).

 

Best regards

Marcel


cid:image001.png@01D0EFA1.22C05EB0

 

Marcel D. Juhnke - Senior Storage Analyst

EALA IS Delivery Center - ASG

Accenture Services GmbH

Graf-Stauffenberg-Str. 6 - D-95030 Hof / Germany

Phone: +49 (9281) 925 2877
Mobile: +49 (175) 57 60019
Mail / Skype for Business:
[hidden email]

 

NCDA NCIE

 

Sitz: Kronberg. Registergericht: Königstein im Taunus, HRB 5967.
Geschäftsführer: Marcus Huth, Frank Mang, Stefan Smolka, Michael Sturm.

--- Confidential ---

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Stephen Stocke
Sent: Mittwoch, 25. Januar 2017 23:45
To: Parisi, Justin <[hidden email]>
Cc: [hidden email]
Subject: Re: Volume Encryption Hardware

 

Thanks Tim and Justin for your replies.

 

I'm also wondering if you can mix NVE and non-NVE capable hardware in the same cluster and still license and use the feature?  (On volumes hosted on the NVE capable HA pair).  The NSE documentation has a statement about heterogeneous clusters but I can't find one regarding NVE.  Specifically, I'd like to scale-out an existing FAS2552 switched cluster with a FAS2650 HA pair.  In that scenario, can we use NVE for volumes on the FAS2650 aggregates?

 

 

On 25 January 2017 at 21:41, Parisi, Justin <[hidden email]> wrote:

In general, the hardware requirement is a platform that has processors that are AES-NI capable to do the encryption offloading to offset performance. All new platforms will have that, for the most part.

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim Stiller
Sent: Wednesday, January 25, 2017 12:51 PM
To: Stephen Stocke <[hidden email]>; [hidden email]
Subject: Re: Volume Encryption Hardware

 

best regards,

Tim

 

Stephen Stocke <[hidden email]> schrieb am Mi., 25. Jan. 2017 um 18:38 Uhr:

Hello

 

I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature.  I've checked HWU and can't see anything that shows NVE compatibility.  I've also tried IMT but I've never been able to get along with that tool.

 

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.

 

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.

 

Any pointers to the right docs would be greatly appreciated!

 

Kind regards

Steve

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters

 




This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|

Re: Volume Encryption Hardware

hd.smasher
If you have access to Field Portal you can find there NetApp Volume Encryption Technical FAQ.
Citation from the FAQ:

Can I have NVE-capable and non-NVE-capable platforms in the same cluster and still use NVE?

Answer: Yes. You can have mixed platforms per the standard ONTAP platform mixing rules. Both platforms in the HA pair must be NVE-capable. The non-NVE-capable platforms in the cluster are not able to host encrypted volumes. 


On Thu, Jan 26, 2017 at 4:17 PM, <[hidden email]> wrote:

Hi Stephen,

 

yes, NVE is a purely software-defined encryption on a per Volume basis, also supported on ONTAP Select for example.

 

From what I understand it doesn’t matter if one HA pair in the cluster is capable of NVE, the others can still use NVE on their Volumes.

 

You just cannot move an encrypted Volume to a non-capable HA-pair without explicitly specifying the “-encrypt-destination false” option in the vol move command (which then moves it over unencrypted).

 

Best regards

Marcel


cid:image001.png@01D0EFA1.22C05EB0

 

Marcel D. Juhnke - Senior Storage Analyst

EALA IS Delivery Center - ASG

Accenture Services GmbH

Graf-Stauffenberg-Str. 6 - D-95030 Hof / Germany

Phone: <a href="tel:+49%209281%209252877" value="+4992819252877" target="_blank">+49 (9281) 925 2877
Mobile: <a href="tel:+49%20175%205760019" value="+491755760019" target="_blank">+49 (175) 57 60019
Mail / Skype for Business:
[hidden email]

 

NCDA NCIE

 

Sitz: Kronberg. Registergericht: Königstein im Taunus, HRB 5967.
Geschäftsführer: Marcus Huth, Frank Mang, Stefan Smolka, Michael Sturm.

--- Confidential ---

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Stephen Stocke
Sent: Mittwoch, 25. Januar 2017 23:45
To: Parisi, Justin <[hidden email]>
Cc: [hidden email]


Subject: Re: Volume Encryption Hardware

 

Thanks Tim and Justin for your replies.

 

I'm also wondering if you can mix NVE and non-NVE capable hardware in the same cluster and still license and use the feature?  (On volumes hosted on the NVE capable HA pair).  The NSE documentation has a statement about heterogeneous clusters but I can't find one regarding NVE.  Specifically, I'd like to scale-out an existing FAS2552 switched cluster with a FAS2650 HA pair.  In that scenario, can we use NVE for volumes on the FAS2650 aggregates?

 

 

On 25 January 2017 at 21:41, Parisi, Justin <[hidden email]> wrote:

In general, the hardware requirement is a platform that has processors that are AES-NI capable to do the encryption offloading to offset performance. All new platforms will have that, for the most part.

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Tim Stiller
Sent: Wednesday, January 25, 2017 12:51 PM
To: Stephen Stocke <[hidden email]>; [hidden email]
Subject: Re: Volume Encryption Hardware

 

best regards,

Tim

 

Stephen Stocke <[hidden email]> schrieb am Mi., 25. Jan. 2017 um 18:38 Uhr:

Hello

 

I'm trying to find an official list of which hardware supports the new 9.1 Netapp Volume Encryption (NVE) feature.  I've checked HWU and can't see anything that shows NVE compatibility.  I've also tried IMT but I've never been able to get along with that tool.

 

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650 platforms support this feature.

 

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE but I'm now looking for the "official" documentation on hardware support.

 

Any pointers to the right docs would be greatly appreciated!

 

Kind regards

Steve

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters

 




This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.

_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters



_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters