File encryption
Use the following table to access IBM Spectrum Scale documentation for file encryption.
For this information... | Go to... | |
---|---|---|
IBM Spectrum Scale file encryption ensures secure storage of data and secure deletion of data. | Encryption | |
Read about master encryption keys (MEKs) and file encryption keys (FEKs). | Encryption keys | |
An encryption policy specifies the set of files to be encrypted, an encryption algorithm, and a MEK for wrapping the FEK. | Encryption policies | |
File encryption policy rules:
|
Encryption policy rules | |
Configuring the components that are required for encryption:
|
Preparation for encryption | |
Configuring an environment to support file encryption. | Secure file encryption and deletion.
|
Establishing an encryption-enabled environment |
Simplified setup. | ||
Regular setup. | ||
SKLM v2.7 and later. | Configuring encryption with SKLM v2.7 or later
|
|
Thales Vormetric DSM. | Configuring encryption with the Vormetric DSM key server
|
|
Notifications when RKM or key client certificates approach
their expiration dates.
|
Certificate expiration warnings | |
Renewing expired client and RKM server certificates. | ||
Testing whether a file is encrypted by IBM Spectrum Scale.
|
Encryption hints | |
|
Secure deletion | |
Meeting standards for FIPS-140-2 certification and NIST
SP88-131A compliance.
|
||
Accessing an encrypted file in a remote cluster.
|
Encryption in a multicluster environment | |
Preserving access to MEKs if an entire site goes
down.
|
Encryption in a Disaster Recovery environment | |
|
Encryption and backup/restore | |
|
Encryption and snapshots | |
|
Encryption and a local read-only cache (LROC) device | |
|
Encryption and external pools | |
|
Encryption requirements and limitations |