Hi Chris, The Crypto feature of GPFS 4.1 requires the addition of just one extra RPM over the standard edition. Other RPMs remain the same. It also requires licenses for "Advanced Edition". These are of the order of 30% more expensive than the standard edition.
The model for GPFS encryption at rest is that the client node fetches the encrypted file from the fileserver. The file remains encrypted in transfer and is only decrypted by the client node using a key it holds. A result is end-to-end encryption as well as encryption of data at rest, Encryption can be on a per file level if desired. Hence a way to migrate from an existing non-encrypted. setup. note inodes should be 4kB to make sure there is enough room to store the encryption attributes. A side effect of adding encryption is that you also need additional remote key management (RKM) servers to handle the key management. These need licensed software. see http://www-01.ibm.com/support/knowledgecenter/SSFKCN_4.1.0.4/com.ibm.cluster.gpfs.v4r104.gpfs200.doc/bl1adv_encryptionsetupreqs.htm I am sure DDN can help you with all of this. Hope this helps, Daniel Dr.Daniel Kidger No. 1 The Square, Technical Specialist SDI (formerly Platform Computing) Temple Quay, Bristol BS1 6DG Mobile: +44-07818 522 266 United Kingdom Landline: +44-02392 564 121 (Internal ITN 3726 9250) e-mail: [email protected] From: Frank Leers <[email protected]> To: gpfsug main discussion list <[email protected]> Date: 16/04/2015 23:21 Subject: Re: [gpfsug-discuss] Experiences upgrading in place to GPFS 4.1? Sent by: [email protected] Hi Chris, Since you mention GRIDScaler, I assume that you are a DDN customer and that you have a support contract with them. If not, then feel free to take the advice that follows with a measure of salt although it mostly still applies ;-) With 4.1, there are now 'Editions' of GPFS, which break out various feature sets into a tiered arrangement, with each tier being licensed (and possibly priced) differently. Have a look here (Q 1.3) for the 4.1 licensing notes - http://www-01.ibm.com/support/knowledgecenter/SSFKCN/com.ibm.cluster.gpfs.doc/gpfs_faqs/gpfsclustersfaq.html With GPFS 3.5, you are most likely running the equivalent of the 'Standard Edition' today. The crypto feature set comes with the 'Advanced Edition', which is licensed differently. Have a look at Chapter 15 of the Advanced Admin Guide for 4.1 as a primer ... http://www-01.ibm.com/support/knowledgecenter/SSFKCN_4.1.0.4/gpfs4104_content.html -frank On Thu, Apr 16, 2015 at 1:33 PM, Garrison, E Chris <[email protected]> wrote: Hello, My site is working up to upgrading our paired GridScaler system from GPFS 3.5 to 4.1. There is a mandate to provide encryption at rest, and that's an advertised feature of 4.1. We already have over 100 TB of data, synchronously replicated between two geographically separated sites, and we have concerns about how the upgrade, as well as the application of encryption to all that data, will go. I'd like to hear from admins who've been through this upgrade. What gotchas should we look out for? Can it easily be done in place, or would we need some extra equipment to "slosh" our data to and from so that it is written to an encrypted GPFS? Thank you for your time, and for any sage advice on this process. Chris -- Chris Garrison Indiana University Research Systems Storage _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
