Encryption requirements and limitations
Learn the requirements and limitations for using encryption.
For encryption requirements, see the topic Preparation for encryption.
Encryption has the following limitations:
- For a multicluster environment, see the topic Encryption in a multicluster environment.
- For a Disaster Recovery environment, see the topic Encryption in a Disaster Recovery environment.
- For backup and restore, see the topic Encryption and backup/restore.
- For snapshots, see the topic Encryption and snapshots.
- Data for encrypted files is not stored in the inode. For information about data-in-inode, see Use of disk storage and file structure within a GPFS file system.
- Data from encrypted files is not stored in the highly available write cache (HAWC). For more information, see Highly available write cache (HAWC).
- To avoid a security exposure, by default IBM Spectrum Scale does not allow file data from
encrypted files, which is held in memory as cleartext, to be copied into an LROC. As a result, a
file system in which most of the files are encrypted does not take advantage of the performance
benefits provided by an LROC. However, you can set IBM Spectrum Scale to enable cleartext from encrypted files to be copied into an LROC. You
might choose this option if you can configure your system to remove the security problem.Warning: If you allow cleartext from an encrypted file to be copied into an LROC, you must take steps to protect the cleartext while it is in LROC storage.For more information, see the following links: