We have a virtualized environment with HP blade servers connected to a SAN where we intend to run several Linux (RHEL 7.2) VMs and Vertias SF 6.2.1. 15 of these VMs will form a cluster where all cluster nodes will mount and use the same shared disk, so Veritas Storage Foundation Cluster File System HA will be used. The (CVM/CFS) shared disk only be used to store/archive files. However, the requirement is to encrypt the data on the shared disk.
As a primary candidate for encryption, LUKS has been chosen. But from what I can see, LUKS only seem to work with LVM and not with VxVM/CVM.
Does anyone know if it is feasible to use LUKS encryption on a Veritas shared disk? If it’s not feasible, does anyone have a suggestion for a solution?
I suppose file system level encryption, like EncFS/ecryptfs, are possible but would probably have a bigger performance impact.
You should be using Infoscale 7.2 for your RHEL 7.2 , 6.2 is very old.
You can encrypt the volumes directly with Infoscale. See page 103 of the guide
Thank you for your reply. Infoscale seems to be one feasible solution and i want to test it first.
However, it is only possible to download IS7.3.1 whereas i would need IS7.2, just as you say, that supports RHEL7.2.
Do you know were i can download a trial version of InfoScale 7.2? It seems like its not possible to download older versions any more.
Well, so far i have created a non-shared VxVM/VxFS handled encrypted volume to see that the encryption is transparent for the application that distributes the files.
And that works just fine!
Now i have setup a single node cluster (not using LLT, GAB or VxFEN) and will create an encrypted CVM/CFS volume to verify that the end solution setup will work.
But for some reason the cvm service group does not come online. Im starting to suspect that i actually do need the LLT/GAB to be able to configure CVM/CFS.
# vxdctl -c mode
mode: enabled: cluster inactive
# /opt/VRTS/bin/cfscluster status
Node : csua2-emm1
Cluster Manager : running
CVM state : not-running
No mount point registered with cluster configuration