ONTAP 9 Manuals ( CA08871-402 )

Encrypt stored data using software-based encryption

Use volume encryption to ensure that volume data cannot be read if the underlying device is repurposed, returned, misplaced, or stolen. Volume encryption does not require special disks; it works with all HDDs and SSDs.

Volume encryption requires a key manager. You can configure the Onboard Key Manager using ONTAP System Manager. You can also use an external key manager, but you need to first set it up using the ONTAP CLI.

After the key manager is configured, new volumes are encrypted by default.

Steps
  1. Click Cluster > Settings.

  2. Under Encryption, click Gear icon to configure the Onboard Key Manager for the first time.

  3. To encrypt existing volumes, click Storage > Volumes.

  4. On the desired volume, click Menu icon and then click Edit.

  5. Select Enable encryption.

Top of Page