NetApp HCI allows encryption of all data stored within the cluster. Self-encrypting drives are available on H410S/H610S storage nodes, with FIPS-certified drives in H610S-2F storage nodes.
All drives in NetApp HCI storage nodes use AES 256-bit encryption at the drive level. Each drive has its own encryption key, which is created when the drive is first initialized. When you enable the encryption feature, a cluster-wide password is created, and chunks of the password are distributed to all nodes in the cluster. No single node stores the entire password. The password protects all access to the drives and must be supplied for every read and write operation to the drive.
Enabling the encryption-at-rest feature does not affect performance or efficiency on the cluster. Additionally, if an encryption-enabled drive or node is removed from the cluster with the API or web UI, encryption at rest will be disabled on the drives.
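The password distribution described above, modeled as an added example that is not NetApp code: it shows why a drive stays locked unless every node contributes its piece of the password. The page does not state how the password is split or checked, so the n-of-n XOR split, the PBKDF2 verifier, and all names here (`split_password`, `combine`, `Drive`, `demo`) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from functools import reduce

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_password(password: bytes, nodes: int) -> list:
    """n-of-n XOR split (assumed scheme): one share per node, all are required."""
    if nodes < 2:
        raise ValueError("splitting needs at least two nodes")
    shares = [secrets.token_bytes(len(password)) for _ in range(nodes - 1)]
    # The last share is chosen so that the XOR of every share equals the password.
    shares.append(reduce(xor, shares, password))
    return shares

def combine(shares: list) -> bytes:
    return reduce(xor, shares)

class Drive:
    """Hypothetical stand-in for a self-encrypting drive locked by a password."""
    def __init__(self, password: bytes):
        self._media_key = secrets.token_bytes(32)  # per-drive AES-256 key, made at init
        self._salt = secrets.token_bytes(16)
        self._verifier = self._derive(password)

    def _derive(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, 50_000)

    def unlock(self, password: bytes):
        """Return the media key only when the full cluster password is supplied."""
        ok = hmac.compare_digest(self._derive(password), self._verifier)
        return self._media_key if ok else None

def demo(nodes: int = 4) -> dict:
    password = secrets.token_bytes(32)        # constructed cluster-wide password
    shares = split_password(password, nodes)  # shares[i] is held by node i only
    drive = Drive(password)
    return {
        "all_nodes": drive.unlock(combine(shares)) is not None,
        "single_node": drive.unlock(shares[0]) is not None,
        "one_node_missing": drive.unlock(combine(shares[:-1])) is not None,
    }
```

With an n-of-n split, any subset of shares smaller than the full set is indistinguishable from random bytes, which is the property behind "no single node stores the entire password".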