Deciding whether to use the Encryption Power Guide
Lenovo offers both software- and hardware-based encryption technologies for ensuring that data at rest cannot be read if the storage medium is repurposed, returned, misplaced, or stolen.
Software-based encryption supports data encryption one volume at a time.
Hardware-based encryption supports full-disk encryption (FDE) of data as it is written.
You should use this guide if you want to work with encryption in the following way:
You want to use best practices, not explore every available option.
You do not want to read a lot of conceptual background.
You want to use the ONTAP command-line interface (CLI), not ThinkSystem Storage Manager for DM Series or an automated scripting tool.
As of ONTAP 9.8, Storage Manager supports onboard key manager encryption.
If this guide is not suitable for your situation, you should see the following documentation instead: