Mailing List Archive

Volume Encryption Hardware
Hello

I'm trying to find an official list of which hardware supports the new 9.1
Netapp Volume Encryption (NVE) feature. I've checked HWU and can't see
anything that shows NVE compatibility. I've also tried IMT but I've never
been able to get along with that tool.

Specifically, I'm trying to find out if the FAS2500 series or new FAS2650
platforms support this feature.

I've listened to TechOnTap podcast #59 in which the speakers discuss NVE
but I'm now looking for the "official" documentation on hardware support.

Any pointers to the right docs would be greatly appreciated!

Kind regards
Steve
Re: Volume Encryption Hardware
Hi Stephen,

a complete list of supported platforms for NVE is available here:

http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-nve%2FGUID-EAD13D8E-0219-45B6-A2C6-B25B76C9CA1A.html

best regards,
Tim

On Wed, 25 Jan 2017 at 18:38, Stephen Stocke <scstocke@gmail.com> wrote:

> Hello
>
> I'm trying to find an official list of which hardware supports the new 9.1
> Netapp Volume Encryption (NVE) feature. I've checked HWU and can't see
> anything that shows NVE compatibility. I've also tried IMT but I've never
> been able to get along with that tool.
>
> Specifically, I'm trying to find out if the FAS2500 series or new FAS2650
> platforms support this feature.
>
> I've listened to TechOnTap podcast #59 in which the speakers discuss NVE
> but I'm now looking for the "official" documentation on hardware support.
>
> Any pointers to the right docs would be greatly appreciated!
>
> Kind regards
> Steve
RE: Volume Encryption Hardware
In general, the hardware requirement is a platform that has processors that are AES-NI capable to do the encryption offloading to offset performance. All new platforms will have that, for the most part.

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Tim Stiller
Sent: Wednesday, January 25, 2017 12:51 PM
To: Stephen Stocke <scstocke@gmail.com>; toasters@teaparty.net
Subject: Re: Volume Encryption Hardware

Hi Stephen,
a complete list of supported platforms for NVE is available here:

http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-nve%2FGUID-EAD13D8E-0219-45B6-A2C6-B25B76C9CA1A.html
best regards,
Tim

Re: Volume Encryption Hardware
At the least I assume you would want a processor that supports AES-NI. I
believe that is Sandy Bridge and higher

On Jan 25, 2017 12:38 PM, "Stephen Stocke" <scstocke@gmail.com> wrote:

> Hello
>
> I'm trying to find an official list of which hardware supports the new 9.1
> Netapp Volume Encryption (NVE) feature. I've checked HWU and can't see
> anything that shows NVE compatibility. I've also tried IMT but I've never
> been able to get along with that tool.
>
> Specifically, I'm trying to find out if the FAS2500 series or new FAS2650
> platforms support this feature.
>
> I've listened to TechOnTap podcast #59 in which the speakers discuss NVE
> but I'm now looking for the "official" documentation on hardware support.
>
> Any pointers to the right docs would be greatly appreciated!
>
> Kind regards
> Steve
Re: Volume Encryption Hardware
Thanks Tim and Justin for your replies.

I'm also wondering if you can mix NVE and non-NVE capable hardware in the
same cluster and still license and use the feature? (On volumes hosted on
the NVE capable HA pair). The NSE documentation has a statement about
heterogeneous clusters but I can't find one regarding NVE. Specifically,
I'd like to scale-out an existing FAS2552 switched cluster with a FAS2650
HA pair. In that scenario, can we use NVE for volumes on the FAS2650
aggregates?


On 25 January 2017 at 21:41, Parisi, Justin <Justin.Parisi@netapp.com>
wrote:

> In general, the hardware requirement is a platform that has processors
> that are AES-NI capable to do the encryption offloading to offset
> performance. All new platforms will have that, for the most part.
RE: Volume Encryption Hardware
Hi Stephen,

yes, NVE is a purely software-defined encryption on a per Volume basis, also supported on ONTAP Select for example.

From what I understand it doesn’t matter if one HA pair in the cluster is capable of NVE, the others can still use NVE on their Volumes.

You just cannot move an encrypted Volume to a non-capable HA-pair without explicitly specifying the “-encrypt-destination false” option in the vol move command (which then moves it over unencrypted).

Best regards
Marcel

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Stephen Stocke
Sent: Wednesday, 25 January 2017 23:45
To: Parisi, Justin <Justin.Parisi@netapp.com>
Cc: toasters@teaparty.net
Subject: Re: Volume Encryption Hardware

Thanks Tim and Justin for your replies.

I'm also wondering if you can mix NVE and non-NVE capable hardware in the same cluster and still license and use the feature? (On volumes hosted on the NVE capable HA pair). The NSE documentation has a statement about heterogeneous clusters but I can't find one regarding NVE. Specifically, I'd like to scale-out an existing FAS2552 switched cluster with a FAS2650 HA pair. In that scenario, can we use NVE for volumes on the FAS2650 aggregates?


Re: Volume Encryption Hardware
If you have access to Field Portal, you can find the NetApp Volume
Encryption Technical FAQ there.
Quote from the FAQ:

Can I have NVE-capable and non-NVE-capable platforms in the same cluster
and still use NVE?

Answer: Yes. You can have mixed platforms per the standard ONTAP platform
mixing rules. Both platforms in the HA pair must be NVE-capable. The
non-NVE-capable platforms in the cluster are not able to host encrypted
volumes.

On Thu, Jan 26, 2017 at 4:17 PM, <marcel.juhnke@accenture.com> wrote:

> Hi Stephen,
>
>
>
> yes, NVE is a purely software-defined encryption on a per Volume basis,
> also supported on ONTAP Select for example.
>
>
>
> From what I understand it doesn’t matter if one HA pair in the cluster is
> capable of NVE, the others can still use NVE on their Volumes.
>
>
>
> You just cannot move an encrypted Volume to a non-capable HA-pair without
> explicitly specifying the “-encrypt-destination false” option in the vol
> move command (which then moves it over unencrypted).
>
>
>
> Best regards
>
> Marcel
>
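
The placement rule in the FAQ quote and the vol move behaviour Marcel describes, written as a pre-flight review of planned `vol move start` lines. This is an added example, not part of the thread and not NetApp code. The inventory, names and capability flags are constructed, and treating a move without `-encrypt-destination` as keeping the source's encryption state is an assumption drawn from Marcel's description.

```python
import shlex

# Constructed inventory (assumptions, not data from the thread):
# aggregate -> HA pair, and whether that HA pair is NVE-capable.
AGGR_TO_HA = {"aggr_old_01": "ha-old", "aggr_new_01": "ha-new"}
HA_NVE_CAPABLE = {"ha-old": False, "ha-new": True}
# Constructed volume state: volume name -> currently NVE-encrypted?
VOL_ENCRYPTED = {"vol_hr": True, "vol_scratch": False}


def parse_vol_move(cmd):
    """Collect '-flag value' pairs from a planned 'vol move start' line."""
    tokens = shlex.split(cmd)
    opts, i = {}, 0
    while i < len(tokens):
        if tokens[i].startswith("-") and i + 1 < len(tokens):
            opts[tokens[i].lstrip("-")] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return opts


def review_move(cmd):
    """Return (verdict, reason) for one planned move."""
    opts = parse_vol_move(cmd)
    vol, aggr = opts.get("volume"), opts.get("destination-aggregate")
    if vol not in VOL_ENCRYPTED or aggr not in AGGR_TO_HA:
        return ("UNKNOWN", "volume or aggregate missing from inventory")
    src_enc = VOL_ENCRYPTED[vol]
    capable = HA_NVE_CAPABLE[AGGR_TO_HA[aggr]]
    flag = opts.get("encrypt-destination", "").lower()
    # Assumption: with no flag, the destination keeps the source's state.
    dest_enc = src_enc if flag == "" else flag == "true"
    if dest_enc and not capable:
        return ("BLOCKED", "destination HA pair cannot host encrypted volumes")
    if src_enc and not dest_enc:
        return ("DECRYPTS", "encrypted volume would land unencrypted")
    return ("OK", "no encrypted data is exposed by this move")


if __name__ == "__main__":
    base = "vol move start -vserver svm1 -volume vol_hr -destination-aggregate "
    for cmd in (base + "aggr_new_01", base + "aggr_old_01",
                base + "aggr_old_01 -encrypt-destination false"):
        print(review_move(cmd)[0], "<-", cmd)
```

A `DECRYPTS` verdict is the case worth a change-control sign-off: the move succeeds, but the data is no longer encrypted at rest on the destination.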