Do not forget, There ARE some limitations to using encryption with GPFS. Example: Using GPFS encryption means you lose the ability to put small files into the inode space (a HUGE speed increase normally) and HAWC (highly available write cache) and I thought LROC, but I could be wrong about that last one as it’s been a while since I read about that.
Scale still uses a primary/backup method for encryption access which I dislike. I would LOVE if it had options such as round robin or other method (random,etc). And their “hey, just change up the order in the config file on your nodes” isn’t simple at Scale if you use methods like NFS root or other stateless setups for moderate to large numbers of compute clients. And lastly I REALLY REALLY REALLY hate that SKLM has dumped their command line for REST only access, and is also switching from PVUs to a capacity based-style license. Just my .02 Ed Wahl Ohio Supercomputer Center From: gpfsug-discuss <[email protected]> On Behalf Of Alec Sent: Tuesday, May 23, 2023 6:54 PM To: gpfsug main discussion list <[email protected]> Subject: Re: [gpfsug-discuss] Support for TLS 1.3 to work with SKLM I'm not sure what it costs. . but I can say for sure that if it's properly leveraged the money it saves on hardware can be exceptional. I don't know how to put a value on a technology that has remained the best solution for so long. . . I'm not sure what it costs.. but I can say for sure that if it's properly leveraged the money it saves on hardware can be exceptional. I don't know how to put a value on a technology that has remained the best solution for so long... We haven't had to reengineer anything to remain top dog on so many metrics (availability, throughput, enterprise standards, backups, failover, etc....) So don't think about the line item cost think of the cost per user, gb, Gbps, whatever makes you happy to pay it. 。◕‿◕。 Alec On Tue, May 23, 2023, 5:29 PM Ryan Novosielski <[email protected]<mailto:[email protected]>> wrote: We looked into it, but couldn’t afford the licenses. As it stands now, our “standard” licenses (or the Lenovo equivalent — data management, or data access? I forget) are apparently about to double in price. Glad to hear that if something changed in that area, it works well. On May 23, 2023, at 17:23, Alec <[email protected]<mailto:[email protected]>> wrote: For those who don't use GPFS encryption. I can say the GPFS version is fantastic. Our write performance was nominally faster due to the compression of encryption I suppose. But it works flawlessly and at speed. Alec On Tue, May 23, 2023, 4:51 PM Ryan Novosielski <[email protected]<mailto:[email protected]>> wrote: Thanks! We don’t use encryption, which is I suppose why I was unfamiliar. Happy to vote for it though. On May 23, 2023, at 16:31, Alec <[email protected]<mailto:[email protected]>> wrote: For GPFS encryption we use an IBM SKLM (Key Server) and it uses SSL certificates for that communication. The SKLM server needs to provide / use TLS 1.3 SSL to pass our security standards but GPFS doesn't state it will support that. Alec On Tue, May 23, 2023, 3:25 PM Ryan Novosielski <[email protected]<mailto:[email protected]>> wrote: There’s very little detail there. Can you elaborate on what this is actually for/where it is used in GPFS? -- #BlackLivesMatter ____ || \\UTGERS<file://UTGERS>, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - [email protected]<mailto:[email protected]> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On May 22, 2023, at 23:16, Alec <[email protected]<mailto:[email protected]>> wrote: Hello we are being asked to support TLS 1.3 in our configuration. Can I ask that folks upvote this RFE to help get it addressed? https://ibm-sys-storage.ideas.ibm.com/ideas/GPFS-I-964<https://urldefense.com/v3/__https:/ibm-sys-storage.ideas.ibm.com/ideas/GPFS-I-964__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qykqE9yF$> Alec _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qyBaV9Oo$> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qzm_kxZc$> _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qyBaV9Oo$> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qzm_kxZc$> _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qyBaV9Oo$> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qzm_kxZc$> _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qyBaV9Oo$> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qzm_kxZc$> _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9q2EjJXiF$> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qzm_kxZc$> _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9q2EjJXiF$> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org<https://urldefense.com/v3/__http:/gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org__;!!KGKeukY!x8bxEo80KREwZ-romjUkrVzIa1VlCs95LFHFkRywpDUB9a3SeuVe6-vfEZHdv1WIX6z9qzm_kxZc$>
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
