Transcription
IBM Spectrum ScaleVersion 5.0.0Administration GuideIBMSC27-9220-03
IBM Spectrum ScaleVersion 5.0.0Administration GuideIBMSC27-9220-03
NoteBefore using this information and the product it supports, read the information in “Notices” on page 707.This edition applies to version 5 release 0 modification 0 of the following products, and to all subsequent releasesand modifications until otherwise indicated in new editions:v IBM Spectrum Scale ordered through Passport Advantage (product number 5725-Q01)v IBM Spectrum Scale ordered through AAS/eConfig (product number 5641-GPF)v IBM Spectrum Scale for Linux on Z (product number 5725-S28)v IBM Spectrum Scale for IBM ESS (product number 5765-ESS)Significant changes or additions to the text and illustrations are indicated by a vertical line ( ) to the left of thechange.IBM welcomes your comments; see the topic “How to send your comments” on page xxvii. When you sendinformation to IBM, you grant IBM a nonexclusive right to use or distribute the information in any way it believesappropriate without incurring any obligation to you. Copyright IBM Corporation 2014, 2018.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.
ContentsTables . . . . . . . . . . . . . . . xiDeleting a Cluster Export Services node from anIBM Spectrum Scale cluster . . . . . . . . . 33Setting up Cluster Export Services groups in an IBMSpectrum Scale cluster . . . . . . . . . . . 34About this information. . . . . . . . xiiiPrerequisite and related information. . . . . . xxvConventions used in this information . . . . . xxviHow to send your comments . . . . . . . xxviiChapter 3. Configuring and tuning yoursystem for GPFS . . . . . . . . . . 37General system configuration and tuningconsiderations . . . . . . . . . . .Clock synchronization . . . . . . . .GPFS administration security . . . . .Cache usage . . . . . . . . . . .Access patterns . . . . . . . . . .Aggregate network interfaces . . . . .Swap space . . . . . . . . . . .Linux configuration and tuning considerationsupdatedb considerations . . . . . . .Memory considerations . . . . . . .GPFS helper threads . . . . . . . .Communications I/O . . . . . . . .Disk I/O . . . . . . . . . . . .AIX configuration and tuning considerations .GPFS use with Oracle . . . . . . . .Summary of changes. . . . . . . . xxixChapter 1. Configuring the GPFS cluster 1 Creating your GPFS cluster . . . . . . . . . 1Displaying cluster configuration information . . . 1Basic configuration information . . . . . . . 1Information about protocol nodes . . . . . . 2Adding nodes to a GPFS cluster . . . . . . . . 2Deleting nodes from a GPFS cluster . . . . . . 3Changing the GPFS cluster configuration data . . . 4Security mode . . . . . . . . . . . . . 16Running IBM Spectrum Scale commands withoutremote root login . . . . . . . . . . . . 17Configuring sudo . . . . . . . . . . . 17Configuring the cluster to use sudo wrapperscripts . . . . . . . . . . . . . . . 18Configuring IBM Spectrum Scale GUI to usesudo wrapper . . . . . . . . . . . . 19Configuring a cluster to stop using sudo wrapperscripts . . . . . . . . . . . . . . . 19Root-level processes that call administrationcommands directly . . . . . . . . . . . 19Node quorum considerations . . . . . . . . 20Node quorum with tiebreaker considerations . . . 20Displaying and changing the file system managernode. . . . . . . . . . . . . . . . . 21Determining how long mmrestripefs takes tocomplete . . . . . . . . . . . . . . . 21Starting and stopping GPFS . . . . . . . . . 22Shutting down an IBM Spectrum Scale cluster . . . 23Chapter 2. Configuring the CES andprotocol configuration . . . . . . . . 25Configuring Cluster Export Services . . . . . .Setting up Cluster Export Services shared rootfile system. . . . . . . . . . . . . .Configuring Cluster Export Services nodes . . .Configuring CES protocol service IP addresses .CES IP aliasing to network adapters on protocolnodes . . . . . . . . . . . . . . .Deploying Cluster Export Services packages onexisting IBM Spectrum Scale 4.1.1 and later nodesVerifying the final CES configurations . . . .Creating and configuring file systems and filesetsfor exports. . . . . . . . . . . . . . .Configuring with the installation toolkit . . . . . Copyright IBM Corp. 2014, 201825252626.373737384040414141414242424343Chapter 4. Parameters for performancetuning and optimization . . . . . . . 45Tuning parameters change history . 48Chapter 5. Ensuring high availability ofthe GUI service . . . . . . . . . . . 53Chapter 6. Configuring and tuning yoursystem for Cloud services . . . . . . 55 2732323333. Designating the Cloud services nodes . . . .Starting up the Cloud services software . . . .Managing a cloud storage account. . . . . .Defining cloud storage access points (CSAP) . .Creating Cloud services . . . . . . . . .Configuring Cloud services with SKLM (optional)Binding your file system or fileset to the Cloudservice by creating a container pair set . . . .Backing up the Transparent cloud tiering databaseto the cloud . . . . . . . . . . . . .Backing up the Cloud services configuration . .Enabling a policy for Cloud data sharing exportservice . . . . . . . . . . . . . . .Tuning Cloud services parameters . . . . . .Integrating Cloud services metrics with theperformance monitoring tool . . . . . . .GPFS-based configuration . . . . . . .File-based configuration . . . . . . . .Setting up Transparent cloud tiering service on aremotely mounted client . . . . . . . . .Deploying WORM solutions . . . . . . . .555657585960. 61. 63. 64. 65. 66. 68. 69. 70. 71. 73iii
Creating immutable filesets and files . . . . . 73Setting up Transparent cloud tiering for WORMsolutions . . . . . . . . . . . . . . 74 Chapter 7. Configuring file auditlogging . . . . . . . . . . . . . . 83Enabling file audit logging on a file system. . .Disabling file audit logging on a file system . .Disabling the message queue for the cluster . .Actions taken when enabling the message queueand file audit logging . . . . . . . . . . 83. 83. 83. 84Chapter 8. Configuring Active FileManagement . . . . . . . . . . . . 87Configuration parameters for AFM . . . .Parallel I/O configuration parameters for AFM. 87. 91Chapter 9. Configuring AFM-based DRConfiguration parameters for AFM-based DR .Parallel I/O configuration parameters forAFM-based DR . . . . . . . . . . .93. 93. 94Chapter 10. Tuning for Kernel NFSbackend on AFM and AFM DR . . . . 97Tuning the gateway node on the NFS client . .Tuning on both the NFS client (gateway) and theNFS server (the home/secondary cluster) . . .Tuning the NFS server on the home/secondarycluster or the NFS server . . . . . . . . . 97. 97. 98Chapter 11. Performing GPFSadministration tasks . . . . . . . . 101Requirements for administering a GPFS file systemadminMode configuration attribute . . . . .Common GPFS command principles . . . . .Specifying nodes as input to GPFS commandsStanza files . . . . . . . . . . . . .Listing active IBM Spectrum Scale commands101102103103104106Listing file system attributes . . . . . . .Modifying file system attributes . . . . . .Querying and changing file replication attributesQuerying file replication . . . . . . . .Changing file replication attributes . . . .Using Direct I/O on a file in a GPFS file systemFile compression . . . . . . . . . . .Setting the Quality of Service for I/O operations(QoS) . . . . . . . . . . . . . . .Restriping a GPFS file system . . . . . . .Querying file system space . . . . . . . .Querying and reducing file system fragmentationQuerying file system fragmentation . . . .Reducing file system fragmentation . . . .Protecting data in a file system using backup. .Protecting data in a file system using themmbackup command . . . . . . . .Backing up a file system using the GPFS policyengine . . . . . . . . . . . . . .Backing up file system configurationinformation . . . . . . . . . . . .Using APIs to develop backup applications .Scale Out Backup and Restore (SOBAR) . . .Scheduling backups using IBM Spectrum Protectscheduler . . . . . . . . . . . . . .Configuration reference for using IBM SpectrumProtect with IBM Spectrum Scale . . . . . .Options in the IBM Spectrum Protectconfiguration file dsm.sys . . . . . . .Options in the IBM Spectrum Protectconfiguration file dsm.opt . . . . . . .Base IBM Spectrum Protect client configurationfiles for IBM Spectrum Scale usage . . . .Restoring a subset of files or directories from alocal file system snapshot . . . . . . . .Restoring a subset of files or directories from alocal fileset snapshot . . . . . . . . . .Restoring a subset of files or directories from localsnapshots using the sample script . . . . .Creating and managing file systems using GUI . 116. 117118. 118. 118119. 119. 125. 128. 129130. 130. 131. 132. 132. 138. 138. 138. 139. 139. 140. 140. 142. 143. 144. 145. 146. 147Chapter 12. Verifying networkoperation with the mmnetverifycommand . . . . . . . . . . . . . 107Chapter 14. File system formatchanges between versions of IBMSpectrum Scale . . . . . . . . . . 153Chapter 13. Managing file systemsChapter 15. Managing disks . . . . . 157109Mounting a file system . . . . . . . . . .Mounting a file system on multiple nodes . . .Mount options specific to IBM Spectrum ScaleMounting a file system through GUI. . . . .Changing a file system mount point on protocolnodes . . . . . . . . . . . . . . .Unmounting a file system . . . . . . . . .Unmounting a file system on multiple nodesUnmounting a file system through GUI . . .Deleting a file system. . . . . . . . . . .Determining which nodes have a file systemmounted . . . . . . . . . . . . . . .Checking and repairing a file system . . . . .Dynamic validation of descriptors on disk . . . .ivIBM Spectrum Scale 5.0.0: Administration g disks in a GPFS cluster . . . .Adding disks to a file system . . . . . .Deleting disks from a file system . . . . .Replacing disks in a GPFS file system . . .Additional considerations for managing disksDisplaying GPFS disk states . . . . . .Disk availability . . . . . . . . .Disk status . . . . . . . . . . .Changing GPFS disk states and parameters .Changing your NSD configuration . . . .Changing NSD server usage and failback . .Enabling and disabling Persistent Reserve . .157158158160162162162162163165166166
Chapter 16. Managing protocolservices. . . . . . . . . . . . . . 169Configuring and enabling SMB and NFS protocolservices . . . . . . . . . . . . . .Configuring and enabling the Object protocolservice. . . . . . . . . . . . . . .Performance tuning for object services . . .Configuring and enabling the BLOCK service .Disabling protocol services . . . . . . . . 169.170171171173Chapter 17. Managing protocol userauthentication . . . . . . . . . . . 175 Setting up authentication servers to configureprotocol user access . . . . . . . . . . .Integrating with AD server . . . . . . . .Integrating with LDAP server . . . . . . .Integrating with Keystone Identity Service . .Configuring authentication and ID mapping for fileaccess . . . . . . . . . . . . . . . .Prerequisite for configuring Kerberos-basedSMB access . . . . . . . . . . . . .Configuring AD-based authentication for fileaccess . . . . . . . . . . . . . . .Configuring LDAP-based authentication for fileaccess . . . . . . . . . . . . . . .Configuring NIS-based authentication . . . .Authentication considerations for NFSv4 basedaccess . . . . . . . . . . . . . . .Prerequisites for configuring Kerberos basedNFS access . . . . . . . . . . . . .Managing user-defined authentication . . . . .Configuring authentication for object access . . .Configuring local authentication for objectaccess . . . . . . . . . . . . . . .Configuring an AD-based authentication forobject access . . . . . . . . . . . . .Configuring an LDAP-based authentication forobject access . . . . . . . . . . . . .Configuring object authentication with anexternal keystone server . . . . . . . . .Creating object accounts . . . . . . . . .Managing object users, roles, and projects . . .Deleting expired tokens . . . . . . . . .Deleting the authentication and the ID mappingconfiguration . . . . . . . . . . . . .Listing the authentication configuration . . . .Verifying the authentication services configured inthe system . . . . . . . . . . . . . .Modifying the authentication method . . . . .Authentication limitations . . . . . . . . 09210211214215216217218218Chapter 18. Managing protocol dataexports . . . . . . . . . . . . . . 223Managing SMB shares . . . . .Creating SMB share . . . . .Changing SMB share configurationCreating SMB share ACLs . . .Removing SMB shares . . . .Listing SMB shares . . . . .Managing SMB shares using MMC.223223224224224224225Managing NFS exports . . . . . .Creating NFS exports. . . . . .Changing NFS export configuration .Removing NFS exports . . . . .Listing NFS exports . . . . . .GUI navigation for NFS exports . .Making bulk changes to NFS exportsMultiprotocol exports . . . . . .Multiprotocol export considerations . .Chapter 19. Managing object g and managing Object services . .Understanding the mapping of OpenStackcommands to IBM Spectrum Scale administratorcommands . . . . . . . . . . . . . .Changing Object configuration values . . . . .Changing the object base configuration to enableS3 API. . . . . . . . . . . . . . . .Configuring OpenStack EC2 credentials . . . .Managing OpenStack access control lists using S3API. . . . . . . . . . . . . . . . .Managing object capabilities . . . . . . . .Managing object versioning . . . . . . . .Enabling object versioning . . . . . . . .Disabling object versioning . . . . . . . .Creating a version of an object: Example . . .Mapping of storage policies to filesets . . . . .Administering storage policies for object storageCreating storage policy for object compressionCreating storage policy for object encryptionAdding a region in a multi-region objectdeployment . . . . . . . . . . . . . .Administering a multi-region object deploymentenvironment. . . . . . . . . . . . . .Unified file and object access in IBM SpectrumScale . . . . . . . . . . . . . . . .Enabling object access to existing filesets . . .Identity management modes for unified file andobject access . . . . . . . . . . . . .Authentication in unified file and object accessValidating shared authentication ID mappingThe objectizer process . . . . . . . . .File path in unified file and object access . . .Administering unified file and object access . .In-place analytics using unified file and objectaccess . . . . . . . . . . . . . . .Limitations of unified file and object access . .Constraints applicable to unified file and objectaccess . . . . . . . . . . . . . . .Data ingestion examples. . . . . . . . .curl commands for unified file and object accessrelated user tasks . . . . . . . . . . .Configuration files for IBM Spectrum Scale forobject storage . . . . . . . . . . . . .Backing up and restoring object storage . . . .Backing up the object storage . . . . . . .Restoring the object storage . . . . . . .Configuration of object for isolated node andnetwork groups . . . . . . . . . . . .Enabling the object heatmap policy . . . . . 272275276278280282
Chapter 20. Managing GPFS quotasEnabling and disabling GPFS quota managementDefault quotas . . . . . . . . . . . .Implications of quotas for different protocols . .Explicitly establishing and changing quotas . .Setting quotas for users on a per-project basis .Checking quotas . . . . . . . . . . .Listing quotas . . . . . . . . . . . .Activating quota limit checking . . . . . .Deactivating quota limit checking . . . . .Changing the scope of quota limit checking . .Creating file system quota reports . . . . .Restoring quota files . . . . . . . . . .285.285286288289290292293294295295295296Chapter 21. Managing GUI users . . . 299Chapter 22. Managing GPFS accesscontrol lists . . . . . . . . . . . . 303Traditional GPFS ACL administration . . . .Setting traditional GPFS access control lists .Displaying traditional GPFS access control listsApplying an existing traditional GPFS accesscontrol list . . . . . . . . . . . .Changing traditional GPFS access control listsDeleting traditional GPFS access control listsNFS V4 ACL administration . . . . . . .NFS V4 ACL Syntax . . . . . . . . .NFS V4 ACL translation . . . . . . . .Setting NFS V4 access control lists . . . .Displaying NFS V4 access control lists . . .Applying an existing NFS V4 access control listChanging NFS V4 access control lists . . .Deleting NFS V4 access control lists . . . .Considerations when using GPFS with NFS V4ACLs . . . . . . . . . . . . . .NFS and GPFS . . . . . . . . . . . .Exporting a GPFS file system using NFS . .NFS usage of GPFS cache . . . . . . .Synchronous writing using NFS . . . . .Unmounting a file system after NFS export .NFS automount considerations . . . . .Clustered NFS and GPFS on Linux . . . .Authorizing protocol users . . . . . . . .Authorizing file protocol users . . . . .Authorizing object users. . . . . . . .Authorization limitations . . . . . . . 303. 304305. 305306306. 307. 307. 309. 310. 310310. 310. 311.311311311315315315315316316316326332Chapter 23. Considerations for GPFSapplications . . . . . . . . . . . . 335Exceptions to Open Group technical standards . .Determining if a file system is controlled by GPFSExceptions and limitations to NFS V4 ACLssupport . . . . . . . . . . . . . . .Linux ACLs and extended attributes. . . . .General CES NFS Linux exceptions and limitationsConsiderations for the use of direct I/O(O DIRECT). . . . . . . . . . . . . .NFS protocol node limitations . . . . . . . .viIBM Spectrum Scale 5.0.0: Administration Guide335335336336337337338Chapter 24. Accessing a remote GPFSfile system . . . . . . . . . . . . 339Remote user access to a GPFS file system . . .Using NFS/SMB protocol over remote clustermounts . . . . . . . . . . . . . .Configuring protocols on a separate cluster .Managing multi-cluster protocol environmentsUpgrading multi-cluster environments . . .Limitations of protocols on remotely mountedfile systems . . . . . . . . . . . .Mounting a remote GPFS file system . . . .Managing remote access to a GPFS file system .Using remote access with public and private IPaddresses. . . . . . . . . . . . . .Using multiple security levels for remote accessChanging security keys with remote access . .NIST compliance . . . . . . . . . . .Important information about remote access . . 341. 342. 343344. 345. 345. 346. 348. 348350. 351. 352. 353Chapter 25. Information lifecyclemanagement for IBM Spectrum Scale . 355Storage pools . . . . . . . . . . . .Internal storage pools . . . . . . . .External storage pools . . . . . . . .Policies for automating file management . . .Overview of policies . . . . . . . . .Policy rules . . . . . . . . . . . .The mmapplypolicy command and policy rulesPolicy rules: Examples and tips . . . . .Managing policies . . . . . . . . . .Working with external storage pools. . . .Backup and restore with storage pools . . .ILM for snapshots . . . . . . . . . .Filesets . . . . . . . . . . . . . .Fileset namespace . . . . . . . . . .Filesets and quotas . . . . . . . . .Filesets and storage pools . . . . . . .Filesets and global snapshots . . . . . .Fileset-level snapshots . . . . . . . .Filesets and backup . . . . . . . . .Managing filesets . . . . . . . . . .Immutability and appendOnly features . . . 03404404405408Chapter 26. Creating and maintainingsnapshots of file systems . . . . . . 413Creating a snapshot . . . . . . . . .Listing snapshots . . . . . . . . . .Restoring a file system from a snapshot . .Reading a snapshot with the policy engine .Linking to a snapshot . . . . . . . .Deleting a snapshot . . . . . . . . .Managing snapshots using IBM Spectrum ScaleGUI . . . . . . . . . . . . . .413414415416416417. 418Chapter 27. Creating and managingfile clones . . . . . . . . . . . . . 421Creating file clonesListing file clones .Deleting file clones. 421. 422. 423
Splitting file clones from clone parents .File clones and disk space managementFile clones and snapshots . . . . .File clones and policy files . . . . .423423423424Chapter 28. Scale Out Backup andRestore (SOBAR). . . . . . . . . . 425Backup procedure with SOBAR .Restore procedure with SOBAR . 425. 427Chapter 29. Data Mirroring andReplication . . . . . . . . . . . . 431General considerations for using storage replicationwith GPFS . . . . . . . . . . . . . .Data integrity and the use of consistency groupsHandling multiple versions of IBM Spectrum Scaledata . . . . . . . . . . . . . . . .Continuous Replication of IBM Spectrum Scaledata . . . . . . . . . . . . . . . .Synchronous mirroring with GPFS replicationSynchronous mirroring utilizing storage basedreplication . . . . . . . . . . . . .Point In Time Copy of IBM Spectrum Scale data432432432433433443451Chapter 30. Implementing a clusteredNFS environment on Linux . . . . . 455NFS monitoring . . . . .NFS failover . . . . . . .NFS locking and load balancingCNFS network setup . . . .CNFS setup . . . . . . .CNFS administration . . . .455455455456456457Chapter 31. Implementing ClusterExport Services . . . . . . . . . . 459CES features. . . . . . . . . . . . .CES cluster setup . . . . . . . . . .CES network configuration . . . . . . .CES address failover and distribution policiesCES protocol management . . . . . . .CES management and administration . . .CES NFS support . . . . . . . . . . .CES SMB support . . . . . . . . . . .CES OBJ support . . . . . . . . . . .Migration of CNFS clusters to CES clusters . . 459. 459. 460461. 462. 462. 463. 465. 466. 469Chapter 32. Identity management onWindows . . . . . . . . . . . . . 473Auto-generated ID mappings . .Installing Windows IMU . . .Configuring ID mappings in IMU. 473. 473. 474Chapter 33. Protocols cluster disasterrecovery . . . . . . . . . . . . . 477Protocols cluster disaster recovery limitations andprerequisites. . . . . . . . . . . . . . 477Example setup for protocols disaster recovery . . 478Setting up gateway nodes to ensure clustercommunication during failover . . . . . .Creating the inband disaster recovery setup . .Creating the outband disaster recovery setup . .Performing failover for protocols cluster whenprimary cluster fails . . . . . . . . . .Re-create file export configuration . . . .Restore file export configuration . . . . .Performing failback to old primary for protocolscluster . . . . . . . . . . . . . . .Re-create file protocol configuration for oldprimary . . . . . . . . . . . . .Restore file protocol configuration for oldprimary . . . . . . . . . . . . .Performing failback to new primary for protocolscluster . . . . . . . . . . . . . . .Re-create file protocol configuration for newprimary . . . . . . . . . . . . .Restore file protocol configuration for newprimary . . . . . . . . . . . . .Backing up and restoring protocols and CESconfiguration information . . . . . . . .Updating protocols and CES configurationinformation . . . . . . . . . . . . .Protocols and cluster configuration data requiredfor disaster recovery . . . . . . . . . .Object data required for protocols cluster DRSMB data required for protocols cluster DR .NFS data required for protocols cluster DR .Authentication related data required forprotocols cluster DR . . . . . . . . .CES data required for protocols cluster DR .Chapter 34. File Placement Optimizer. 479. 479. 481. 483. 483. 483. 484. 484. 485. 487. 487. 490. 493. 494. 494494. 500. 502. 503. 504507Distributing data across a cluster . . . . . . .FPO pool file placement and AFM . . . . . .Configuring FPO . . . . . . . . . . . .Configuring IBM Spectrum Scale Clusters . . .Basic Configuration Recommendations . . . .Configuration and tuning of Hadoop workloadsConfiguration and tuning of databaseworkloads . . . . . . . . . . . . .Configuring and tuning SparkWorkloads . . .Ingesting data into IBM Spectrum Scale clustersExporting data out of IBM Spectrum Scale clustersUpgrading FPO . . . . . . . . . . . .Monitoring and administering IBM Spectrum ScaleFPO clusters. . . . . . . . . . . . . .Rolling upgrades . . . . . . . . . . .The IBM Spectrum Scale FPO cluster . . . .Failure detection . . . . . . . . . . .Disk Failures . . . . . . . . . . . .Node failure. . . . . . . . . . . . .Handling multiple nodes failure . . . . . .Network switch failure . . . . . . . . .Data locality. . . . . . . . . . . . .Disk Replacement . . . . . . . . . . .Auto recovery . . . . . . . . . . . . .Failure and recovery . . . . . . . . . .QoS support for autorecovery . . . . . . .Restrictions . . . . . . . . . . . . . 5537537539541541542550552552554554vii
Chapter 35. Encryption . . . . . . . 557 Encryption keys . . . . . . . . . . . .Encryption policies . . . . . . . . . . .Encryption policy rules . . . . . . . . . .Preparation for encryption . . . . . . . . .Establishing an encryption-enabled environmentSimplified setup: Using SKLM with aself-signed certificate . . . . . . . . . .Simplified setup: Using SKLM with a certificatechain . . . . . . . . . . . . . . .Simplified setup: Valid and invalidconfigurations . . . . . . . . . . . .Simplified setup: Accessing a remote file systemSimplified setup: Doing other tasks . . . . .Regular setup: Using SKLM with a self-signedcertificate . . . . . . . . . . . . . .Regular setup: Using SKLM with a certificatechain . . . . . . . . . . . . . . .Configuring encryption with SKLM v2.7 . . .Configuring encryption with the Vormetric DSMkey server . . . . . . . . . . . . .Renewing client and server certificates . . . .Secure deletion . . . . . . . . . . . . .Encryption and standards compliance . . . . .Encryption and FIPS-140-2 certification . . . .Encryption and NIST SP800-131A complianceEncryption in a multicluster environment . . . .Encryption in a Disaster Recovery environmentEncryption and backup/restore . . . . . . .Encryption and snapshots . . . . . . . . .Encryption and a local read-only cache (LROC)device . . . . . . . . . . . . . . . .Encryption requirements and limitations . . . 36636637637637637638638638Chapter 36. Managing certificates tosecure communications between GUIweb server and web browsers . . . . 641Chapter 37. Securing protocol data643Planning for protocol data security . . . . .Configuring protocol data security . . . . .Enabling secured connection between the IBMSpectrum Scale system and authenticationserver . . . . . . . . . . . . . .Securing data transfer . . . . . . . .Securing NFS data transfer . . . . . . .Securing SMB data transfer. . . . . . .Secured object data transfer . . . . . .Data security limitations. . . . . . . . . 645. 645.645648648651651651Chapter 38. Cloud services:Transparent cloud tiering and Clouddata sharing . . . . . . . . . . . . 653Administering Transparent cloud tiering and Clouddata sharing services . . . . . . . . . . .Stopping Cloud services software . . . . .Monitoring the health of Cloud servicessoftware . . . . . . . . . . . . . .Checking the Cloud services version . . . .viiiIBM Spectrum Scale 5.0.0: Administration Guide 653653653655 Administering files for Transparent cloud tieringApplying a policy on a Transparent cloudtiering node . . . . . . . . . . . . .Migrating files to the cloud storage tier. . . .Pre-migrating files to the cloud storage tier . .Recalling files from the cloud storage tier . . .Reconciling files between IBM Spectrum Scalefile system and cloud storage tier. . . . . .Cleaning up files transferred to the cloudstorage tier . . . . . . . . . . . . .Deleting cloud objects . . . . . . . . .Listing files migrated to the cloud storage tierRestoring files . . . . . . . . . . . .Restoring Cloud services configuration . . . .Checking the Cloud services database integrityRestoring Transparent cloud tiering service on abackup cluster . . . . . . . . . . . .Manual recovery of Transparent cloud tieringdatabase . . . . . . . . . . . . . .Cloud data sharing . . . . . . . . . . .Listing files exported to the cloud . . . . .Importing cloud objects exported through anold version of Cloud data sharing . . . . .Scheduling recommendations for Transparent cloudtiering tasks . . . . . . . . . . . . . .Known limitations of Cloud services . . . . 72672673Chapter 39. Managing file auditlogging . . . . . . . . . . . . . . 675Stopping consumers in file audit logging . . . .Starting consumers in file audit logging . . . .Displaying topics that are registered in the messagequeue for file audit logging . . . . . . . .Enabling file audit logging on a new spectrumscalecluster node . . . . . . . . . . . . . .675675675676Chapter 40. Highly available writecache (HAWC) . . . . . . . . . . . 677Applications that can benefit from HAWC. .Restrictions and tuning recommendations forHAWC . . . . . . . . . . . . .Using HAWC . . . . . . . . . . . 678. 678. 679Chapter 41. Local read-only cache681Chapter 42. Miscellaneous advancedadministration topics . . . . . . . . 683Changing IP addresses and host names. . . .Enabling a cluster for IPv6 . . . . . . . .Using multiple token servers . . . . . . .Exporting file system definitions between clustersIBM Spectrum Scale port usage . . . . . .Securing the IBM Spectrum Scale system usingfirewall . . . . . . . . . . . . . .Firewall recommendations
Integrating with Keystone Identity Service . . 181 Configuring authentication and ID mapping for file access . . 182 Pr er equisite for configuring Kerber os-based SMB access . . 183 Configuring AD-based authentication for file access . . 184 Configuring LDAP-based authentication for file access . . 191
