Advertisement
◦ If NVE and NSE are not configured, no drives are protected with NSE keys, it's safe to shut down the
impaired controller.
Verify NVE configuration
1. Display the key IDs of the authentication keys that are stored on the key management servers:
key-manager key-query
After the ONTAP 9.6 release, you may have additional key manager types. The types are KMIP,
AKV, and GCP. The process for confirming these types is the same as confirming
key manager types.
onboard
• If the
Key Manager
down the impaired controller.
• If the
Key Manager
complete some additional steps.
• If the
Key Manager
yes, you need to complete some additional steps.
• If the
Key Manager
you need to complete some additional steps.
1. If the
Key Manager
up the OKM information:
a. Go to advanced privilege mode and enter
b. Enter the command to display the key management information:
onboard show-backup
c. Copy the contents of the backup information to a separate file or your log file. You'll need it in
disaster scenarios where you might need to manually recover OKM.
d. Return to admin mode:
e. Shut down the impaired controller.
2. If the
Key Manager
yes:
a. Restore the external key management authentication keys to all nodes in the cluster:
key-manager external restore
If the command fails, contact NetApp Support.
mysupport.netapp.com
b. Verify that the
manager key-query
c. Shut down the impaired controller.
3. If the
Key Manager
yes:
a. Enter the onboard security key-manager sync command:
sync
6
type displays
external
type displays
onboard
type displays
external
type displays
onboard
type displays
onboard
set -priv admin
type displays
external
Restored
column equals
type displays
onboard
and the
column displays yes, it's safe to shut
Restored
and the
Restored
column displays yes, you need to
and the
column displays anything other than
Restored
and the
Restored
column displays anything other than yes,
and the
Restored
when prompted to continue:
y
and the
Restored
yes
for all authentication keys:
and the
Restored
security key-manager onboard
external
column displays yes, manually back
set -priv advanced
security key-manager
column displays anything other than
security key-
column displays anything other than
security
or
security
Advertisement
Need help?
Do you have a question about the AFF A200 and is the answer not in the manual?