- Community Home
- >
- Storage
- >
- HPE Nimble Storage
- >
- Array Setup and Networking
- >
- Re: NimbleOS upgrade with encrypted volumes
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2016 05:02 AM
05-10-2016 05:02 AM
We are looking to enable encryption and want to use secure boot mode.
We have a CS220 with dual controllers running 2.3.14.0.
I've read around a bit...
Nimble OS 2.3 – Implementing SmartSecure Encryption at Rest
http://www.smartstack.co.uk/wp-content/uploads/2016/03/wp-nimble-storage-smartsecure-encryption.pdf
I understand that if we power off the array we will need to enter the passphrase to bring the encrypted volumes online.
My question is... does the restart of a controller during a NimbleOS upgrade also required the passphrase to be input? My initial thought was no, but couldn't see this documented anywhere.
If I've missed a document please point me in the right direction.
Thanks in advance
Solved! Go to Solution.
- Tags:
- encryption
- upgrade
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2016 12:49 PM
05-10-2016 12:49 PM
SolutionHey Paul,
I don't believe this would be the case, as a firmware upgrade is a live process with controllers rebooting only during their standby process. Because of this, the array is never offline and thus would never require the passphrase to re-enter for allowing the volumes back online - as they never went offline in the first place.
Be wary of the significant performance overhead that could be seen on the CS200 platform. Depending on how hard your pushing the controllers right now, enabling encryption on volumes to negatively impact CPU performance as there's no AES encryption offload engine built into the CPU.
twitter: @nick_dyer_
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2016 04:09 AM
05-12-2016 04:09 AM
			
				
					
						
							Re: NimbleOS upgrade with encrypted volumes
						
					
					
				
			
		
	
			
	
	
	
	
	
Hi Nick,
Thanks, that makes sense. I think a note in the update software section of the admin guide would have put my mind at ease, maybe if a Nimble employee if reading they could put this forward?
As for the CPU, we are aware of this. We use the arrays for hosting VMs so our plan is to gradually migrate them and monitor the CPU to determine if it will cause us issues.
Thanks again for the response.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2016 07:42 AM
05-12-2016 07:42 AM
			
				
					
						
							Re: NimbleOS upgrade with encrypted volumes
						
					
					
				
			
		
	
			
	
	
	
	
	
Nick,
Would this performance impact only be during the initial encryption and data migration or it is an ongoing operational need for that overhead? Looking at enabling encryption on our CS215's and curious if we should expect a performance hit. Also can you replicate an array with available mode to an array that has secure mode enabled and/or vice versa?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2016 08:55 AM
05-12-2016 08:55 AM
			
				
					
						
							Re: NimbleOS upgrade with encrypted volumes
						
					
					
				
			
		
	
			
	
	
	
	
	
Hi Keith,
The performance overhead of encryption will be for every volume that will have encryption enabled - especially on a CS2xx as it has no offload engine for the process - as every new write IO entering the system will need to use the CPU for key generation, management and encryption of the IO prior to it being compressed.
CS2xx systems can see upwards of 30% performance overhead as there's no offload engine on the CPU. If encryption is a requirement for a lot of volumes it may be prudent to look at upgrading the controllers to CS300s, as there's a built in AES offload engine on those CPUs and can expect very little overhead.
Good question re replicating an array in available mode to an array with secure mode. I believe the answer would be yes, as the data itself is still encrypted but you would need to enter the passphrase for bringing the volumes online on the DR site.
twitter: @nick_dyer_
 
					
				
		
