NetAppDocs / ontap-systems-upgrade

https://docs.netapp.com/us-en/ontap-systems-upgrade/

Update to NSE steps #37

Closed wdiane1 closed 1 year ago

wdiane1 commented 2 years ago

Page: Install and boot node3

  1. If NetApp Storage Encryption (NSE) is in use on this configuration, the setenv bootarg.storageencryption.support command must be set to true, and the kmip.init.maxwait variable must be set to off to avoid a boot loop after the node1 configuration is loaded:

setenv bootarg.storageencryption.support true

setenv kmip.init.maxwait off

Setting kmip.init.maxwait to off tells ONTAP to NOT retrieve the authentication keys from the external key manager. It is a bad idea to turn this feature off. With this feature turned off, the node is booted without any keys, and if a power outage occurs with this bootarg set to off and AUTOBOOT on, then ALL the NSE drives with an authentication key will be permanently locked and all data is lost.

Not something to publicly document. You should say to call NetApp Support for an encryption specialist to assist.

netapp-pcarriga commented 2 years ago

@wdiane1 - Thank you for your feedback. I'll have your recommendations verified and then update the documentation.

ntap-bmegan commented 2 years ago

@netapp-pcarriga - Please update status or close if work is complete.

ntap-bmegan commented 2 years ago

@netapp-pcarriga - What is the status of this issue?

netapp-pcarriga commented 2 years ago

@wdiane1 - Thanks again for your feedback. This issue has been added to and is being tracked in issue #35. Closing this issue.

netapp-pcarriga commented 1 year ago

@wdiane1 Hi Diane, the updates on setting the "bootarg.storageencryption.support" and "kmip.init.maxwait" variables in Step 27 are now published. We have also added information on how to determine if your system uses self-encrypting drives and on the types of self-encrypting drives supported by ONTAP. You can view these updates using the following links:

Thanks again for providing feedback and helping to improve the documentation,

wdiane1 commented 1 year ago

Hi Paula,

We need to add some more verbiage around the maxwait bootarg.

Setting this bootarg can and has caused data loss if not careful.

...Diane


netapp-pcarriga commented 1 year ago

@wdiane1 - Thank you for highlighting this. BURT 1518041 is tracking this issue so I'm moving your request for further updates to the BURT and we can track from there. Thanks!