Hi to you all,
One of our customers is starting the technical architecture planning for their new A400 units that they got with the multi-tenant feature license with SED drives. The customer will be hosting two different environments on their A400, on top of the SED drives, one of the environments will be using NVE on the volumes. For encryption keys management, the customer wanted to use an external solution but found out their HSM solution isn't ready, lacks enough client licenses and needs to be upgraded/refreshed. Instead, the customer will be using the Onboard Key Management first. When the external solution will be ready, he'd like to make the switch. Separate SVM will be created in order to enable multitenancy management.
Reading through the NetApp docs, there is a procedure to switch from one solution to another, involving decrypting all the NVE volumes. I worry about SED drives handling... What advice would you give to this customer?
We are at the initial steps in the planning process, a major roadblock in the future could put the HSM upgrade a mandatory step before starting the A400 deployment.
Thanks for your feedback!