Unable to encrypt the NetApp drives with SANtricity

Article ID: 170736

Products

Security Analytics

Issue/Introduction

We need to encrypt the NetApp drives. We have a suspicion that this may be because we set them up without the "storage=enabled" flag on configure_netapp.py. 

We cannot use the "security" option in the drives, despite apparently having a license for it.

Resolution

To create security-enabled RAID volumes, the following criteria must be met:

  1. Drives must be FDE or FIPS capable
  2. The Drive Security Addon must be enabled
  3. You must have created a storageArray security key


We did create RAID volumes that were securityType=capable because conditions 1 and 2 were met. However, the securityType=enabled command was failing because condition 3 was not met.

The modified version of the configure_netapp.py script added better detection of those cases.

To recreate the partitions with drive security enabled, rerun the script with the -p option (to set a storageArray password) and the -P option (to create a passphrase for disk encryption).

According to the NetApp documentation, the password must meet the following criteria:

  1. Must be between 8 and 30 characters long
  2. Must contain at least one uppercase letter
  3. Must contain at least one lowercase letter
  4. Must contain at least one numeric character
  5. Must contain at least one non-alphanumeric character


You must also set a password in order to set a security key.

The passphrase for the security key must also adhere to the same criteria as the password.
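The following is an added example, not part of configure_netapp.py or any NetApp tooling: a pre-check that reports which of the five criteria above a candidate password (-p) or passphrase (-P) fails before the script is rerun. The function names are hypothetical, and treating "letter", "numeric" and "non-alphanumeric" as ASCII character classes is an assumption.

```python
import string

ALNUM = string.ascii_letters + string.digits

# The five criteria listed above. ASCII character classes are an assumption:
# any character that is not an ASCII letter or digit counts as non-alphanumeric.
RULES = [
    ("between 8 and 30 characters long", lambda s: 8 <= len(s) <= 30),
    ("at least one uppercase letter",
     lambda s: any(c in string.ascii_uppercase for c in s)),
    ("at least one lowercase letter",
     lambda s: any(c in string.ascii_lowercase for c in s)),
    ("at least one numeric character",
     lambda s: any(c in string.digits for c in s)),
    ("at least one non-alphanumeric character",
     lambda s: any(c not in ALNUM for c in s)),
]


def unmet_criteria(secret):
    """Return the description of every criterion the secret fails."""
    return [desc for desc, ok in RULES if not ok(secret)]


def check_inputs(password, passphrase):
    """Check both values; return {name: [unmet criteria]} for failures only."""
    problems = {}
    for name, value in (("password (-p)", password),
                        ("passphrase (-P)", passphrase)):
        failed = unmet_criteria(value)
        if failed:
            problems[name] = failed
    return problems


if __name__ == "__main__":
    import getpass  # prompt without echoing the secrets to the terminal

    result = check_inputs(getpass.getpass("storageArray password: "),
                          getpass.getpass("security key passphrase: "))
    for name, failed in result.items():
        for desc in failed:
            print(f"{name}: needs {desc}")
    raise SystemExit(1 if result else 0)
```

Run stand-alone, the check exits non-zero when either value fails a criterion, so it can gate the rerun of the script.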

Creating a security key stores it on the host in /etc/solera/config/<array_name>_seckey.slk