I don't believe this would be the case, as a firmware upgrade is a live process with controllers rebooting only during their standby process. Because of this, the array is never offline and thus would never require the passphrase to re-enter for allowing the volumes back online - as they never went offline in the first place.
Be wary of the significant performance overhead that could be seen on the CS200 platform. Depending on how hard your pushing the controllers right now, enabling encryption on volumes to negatively impact CPU performance as there's no AES encryption offload engine built into the CPU.
Thanks, that makes sense. I think a note in the update software section of the admin guide would have put my mind at ease, maybe if a Nimble employee if reading they could put this forward?
As for the CPU, we are aware of this. We use the arrays for hosting VMs so our plan is to gradually migrate them and monitor the CPU to determine if it will cause us issues.
Thanks again for the response.
Would this performance impact only be during the initial encryption and data migration or it is an ongoing operational need for that overhead? Looking at enabling encryption on our CS215's and curious if we should expect a performance hit. Also can you replicate an array with available mode to an array that has secure mode enabled and/or vice versa?
The performance overhead of encryption will be for every volume that will have encryption enabled - especially on a CS2xx as it has no offload engine for the process - as every new write IO entering the system will need to use the CPU for key generation, management and encryption of the IO prior to it being compressed.
CS2xx systems can see upwards of 30% performance overhead as there's no offload engine on the CPU. If encryption is a requirement for a lot of volumes it may be prudent to look at upgrading the controllers to CS300s, as there's a built in AES offload engine on those CPUs and can expect very little overhead.
Good question re replicating an array in available mode to an array with secure mode. I believe the answer would be yes, as the data itself is still encrypted but you would need to enter the passphrase for bringing the volumes online on the DR site.