NetApp HCI Security - NetApp HCI Manual


NetApp HCI compute nodes in NetApp HCI. It is available by default on the management
nodes in NetApp HCI.
In addition to communicating with the NetApp-provided hardware and software components in a NetApp HCI
installation, NetApp Hybrid Cloud Control interacts with third-party components in the customer environment,
like VMware vCenter. NetApp qualifies the functionality of NetApp Hybrid Cloud Control and its interaction with
these third-party components in the customer environment up to a certain scale. For optimal experience with
NetApp Hybrid Cloud Control, NetApp recommends staying within the range of configuration maximums.
If you exceed these tested maximums, you might experience issues with NetApp Hybrid Cloud Control, such
as a slower user interface and API responses or functionality being unavailable. If you engage NetApp for
product support with NetApp Hybrid Cloud Control in environments that are configured beyond the
configuration maximums, NetApp Support will ask that you change the configuration to be within the
documented configuration maximums.
Configuration maximums
NetApp Hybrid Cloud Control supports VMware vSphere environments with up to 100 ESXi hosts and 1000
virtual machines (comparable to a small vCenter Server Appliance configuration).

NetApp HCI security

When you use NetApp HCI, your data is protected by industry-standard security
protocols.
Encryption at Rest for storage nodes
NetApp HCI enables you to encrypt all data stored on the storage cluster.
All drives in storage nodes that are capable of encryption use AES 256-bit encryption at the drive level. Each
drive has its own encryption key, which is created when the drive is first initialized. When you enable the
encryption feature, a storage-cluster-wide password is created, and chunks of the password are then
distributed to all nodes in the cluster. No single node stores the entire password. The password is then used to
password-protect all access to the drives. You need the password to unlock the drive, and since the drive is
encrypting all data, your data is secure at all times.
When you enable Encryption at Rest, performance and efficiency of the storage cluster are unaffected.
Additionally, if you remove an encryption-enabled drive or node from the storage cluster with the Element API
or Element UI, Encryption at Rest is disabled on the drives and the drives are securely erased, protecting the
data that was previously stored on those drives. After you remove the drive, you can securely erase the drive
with the SecureEraseDrives API method. If you forcibly remove a drive or node from the storage cluster, the
data remains protected by the cluster-wide password and the drive's individual encryption keys.
For information on enabling and disabling Encryption at Rest, see "Enabling and disabling encryption for a
cluster" in the SolidFire and Element Documentation Center.
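The following offline check is an added example, not taken from NetApp's documentation: it reads constructed GetClusterInfo and ListDrives replies, confirms that Encryption at Rest is reported as enabled, and builds the SecureEraseDrives request for drives that are no longer part of the cluster. The field names (encryptionAtRestState, driveID, status), the helper names and the sample replies are assumptions to verify against the Element API reference for your version.

```python
"""Offline check of Encryption at Rest state and erasure of removed drives."""
import json

# Constructed sample replies; field names follow the Element API as understood
# here (assumption) and must be checked against your Element version.
CLUSTER_INFO_REPLY = json.loads("""
{"id": 1, "result": {"clusterInfo": {"name": "demo-cluster",
                                     "encryptionAtRestState": "enabled"}}}
""")
LIST_DRIVES_REPLY = json.loads("""
{"id": 2, "result": {"drives": [
  {"driveID": 11, "nodeID": 1, "status": "active"},
  {"driveID": 12, "nodeID": 1, "status": "available"},
  {"driveID": 13, "nodeID": 2, "status": "active"}]}}
""")


def result_of(reply):
    """Return the JSON-RPC result, failing loudly on an error reply."""
    if "error" in reply:
        raise RuntimeError(f"Element API error: {reply['error']}")
    return reply["result"]


def encryption_at_rest_enabled(cluster_info_reply):
    """True only when the cluster reports the feature as fully enabled."""
    info = result_of(cluster_info_reply)["clusterInfo"]
    return info.get("encryptionAtRestState") == "enabled"


def erasable_drive_ids(list_drives_reply):
    """IDs of drives in 'available' status: removed from, or never added to, the cluster."""
    drives = result_of(list_drives_reply)["drives"]
    return sorted(d["driveID"] for d in drives if d["status"] == "available")


def secure_erase_request(drive_ids, request_id=1):
    """Build the SecureEraseDrives JSON-RPC body; sending it is left to the operator."""
    if not drive_ids:
        return None  # nothing outside the cluster, so nothing to erase
    return {"method": "SecureEraseDrives",
            "params": {"drives": list(drive_ids)},
            "id": request_id}


if __name__ == "__main__":
    print("Encryption at Rest enabled:", encryption_at_rest_enabled(CLUSTER_INFO_REPLY))
    print(json.dumps(secure_erase_request(erasable_drive_ids(LIST_DRIVES_REPLY), 3)))
```

Review the drive list before sending the request, because "available" also covers new drives that were never added to the cluster.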
Software Encryption at Rest
Software Encryption at Rest enables all data written to the SSDs in a storage cluster to be encrypted. This
provides a primary layer of encryption in SolidFire Enterprise SDS nodes that do not include Self-Encrypting
Drives (SEDs).
