11-17-2017 03:08 AM
Hello!
We have a virtualized environment with HP blade servers connected to a SAN where we intend to run several Linux (RHEL 7.2) VMs and Veritas SF 6.2.1. 15 of these VMs will form a cluster where all cluster nodes will mount and use the same shared disk, so Veritas Storage Foundation Cluster File System HA will be used. The (CVM/CFS) shared disk will only be used to store/archive files. However, the requirement is to encrypt the data on the shared disk.
As a primary candidate for encryption, LUKS has been chosen. But from what I can see, LUKS only seems to work with LVM and not with VxVM/CVM.
Does anyone know if it is feasible to use LUKS encryption on a Veritas shared disk? If it’s not feasible, does anyone have a suggestion for a solution?
I suppose file system level encryption, like EncFS/ecryptfs, is possible but would probably have a bigger performance impact.
Best regards
Mattias Lidström
11-19-2017 10:17 PM
Hi
You should be using Infoscale 7.2 for your RHEL 7.2; 6.2 is very old.
You can encrypt the volumes directly with Infoscale. See page 103 of the guide.
11-20-2017 05:13 AM
Hello,
Thank you for your reply. Infoscale seems to be one feasible solution and I want to test it first.
However, it is only possible to download IS7.3.1 whereas I would need IS7.2, just as you say, that supports RHEL7.2.
Do you know where I can download a trial version of InfoScale 7.2? It seems like it's not possible to download older versions any more.
Best regards
Mattias Lidström
11-20-2017 07:01 AM
Hi,
I can put it on dropbox if you're able to access that.
Let me know.
11-20-2017 11:56 PM
Hello,
That would be excellent! Thank you!
Best regards
Mattias Lidström
11-27-2017 10:54 PM
Hello
How did the testing go?
11-29-2017 12:05 AM
Hello!
Well, so far I have created a non-shared VxVM/VxFS handled encrypted volume to see that the encryption is transparent for the application that distributes the files.
And that works just fine!
Now I have set up a single node cluster (not using LLT, GAB or VxFEN) and will create an encrypted CVM/CFS volume to verify that the end solution setup will work.
But for some reason the cvm service group does not come online. I'm starting to suspect that I actually do need the LLT/GAB to be able to configure CVM/CFS.
# vxdctl -c mode
mode: enabled: cluster inactive
# /opt/VRTS/bin/cfscluster status
Node : csua2-emm1
Cluster Manager : running
CVM state : not-running
No mount point registered with cluster configuration
Best regards
Mattias Lidström
11-29-2017 12:52 AM
Yes, a real CLUSTER (with LLT, GAB, FENCE, etc.) is required for CVM (can't create a cluster shared volume if you're not really sharing it).