ONTAP 9 Manuals ( CA08871-402 )

Enable cluster peering encryption on an existing peer relationship

Cluster peering encryption is enabled by default on all newly created cluster peering relationships. It uses a pre-shared key (PSK) and Transport Layer Security (TLS) to secure cross-cluster peering communications, which adds a layer of security between the peered clusters.

About this task

Clusters in the peering relationship must be running ONTAP 9.7 or later in order to enable cluster peering encryption.

Steps
  1. On the destination cluster, enable encryption for communications with the source cluster:

    cluster peer modify source_cluster -auth-status-admin use-authentication -encryption-protocol-proposed tls-psk

  2. When prompted, enter a passphrase.

  3. On the data protection source cluster, enable encryption for communication with the data protection destination cluster:

    cluster peer modify data_protection_destination_cluster -auth-status-admin use-authentication -encryption-protocol-proposed tls-psk

  4. When prompted, enter the same passphrase entered on the destination cluster.
