Encrypting Existing Swarm Volumes Manually

Owned by Mary Connor (Deactivated)
Last updated: Aug 27, 2021 by John Bell


If you are retiring volumes so that you can implement encryption at rest, you will need to then reformat and remount the volumes. You will need to follow the manual process outlined below. (v10.1)

To convert existing volumes to use encryption-at-rest, migrate the data using a chassis-by-chassis approach:

  1. Enable the encryption-at-rest settings for the cluster, which will apply to newly formatted volumes.
  2. Starting with the first chassis, retire it: from the Storage UI, select Cluster > Hardware, open the Chassis Details, and select Retire from the action (gear) menu.
  3. Wait for all of its volumes to reach a status of "retired".
  4. From the system console on the physical chassis, stop the storage processes: System Control > 3. Stop Storage Processes
  5. Format all of the disks, which will now be encrypted: Disk Volumes > ALL

  6. Reboot the chassis: System Control > 1. Reboot System
    As Swarm detects each new volume, it formats it as encrypted (using the disk.encryptionKeyPrimary value) and mounts it.

    Note

    You may change the key used to encrypt new Swarm volumes at any time, but your existing Swarm volumes will not be re-encrypted. To re-encrypt them, retire and reformat them, using the new encryption key.

  7. With the first chassis complete, repeat all steps until every chassis has been converted.


© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.