Restore OKM, NSE, and NVE as needed - AFF fas8300 and FAS8700
Once environment variables are checked, you must complete steps specific to systems
that have Onboard Key Manager (OKM), NetApp Storage Encryption (NSE) or NetApp
Volume Encryption (NVE) enabled.
1. Determine which section you should use to restore your OKM, NSE, or NVE configurations: If NSE or NVE
are enabled along with Onboard Key Manager you must restore settings you captured at the beginning of
this procedure.
◦
If NSE or NVE are enabled and Onboard Key Manager is enabled, go to
Onboard Key Manager is enabled
◦
If NSE or NVE are enabled for ONTAP 9.6, go to
Restore NSE/NVE on systems running ONTAP 9.6
Restore NVE or NSE when Onboard Key Manager is enabled
Steps
1. Connect the console cable to the target node.
2. Use the
boot_ontap
command at the LOADER prompt to boot the node.
3. Check the console output:
If the console displays…
Then…
The LOADER prompt
Boot the node to the boot menu:
boot_ontap menu
Waiting for giveback….
a. Enter
Ctrl-C
at the prompt
b. At the message: Do you wish to halt this node rather than wait
[y/n]? , enter:
y
c. At the LOADER prompt, enter the
boot_ontap menu
command.
4. At the Boot Menu, enter the hidden command,
recover_onboard_keymanager
and reply
y
at the
prompt
5. Enter the passphrase for the onboard key manager you obtained from the customer at the beginning of this
procedure.
6. When prompted to enter the backup data, paste the backup data you captured at the beginning of this
procedure, when asked. Paste the output of
security key-manager backup show
OR
security
key-manager onboard show-backup
command
The data is output from either
security key-manager backup show
or
security
key-manager onboard show-backup
command.
Example of backup data:
28