Creating the initial cluster
Create the initial cluster.
Procedure
To complete the initial creation of the cluster, complete the following steps:
- Enter the initial cluster settings:
  - Cluster Name: Specify a unique name for the cluster. Only alphanumeric characters and hyphens are allowed. A hyphen cannot be the first or last character. The length cannot exceed 32 characters. No other characters are allowed.
  - Cluster Domain Name: The domain names for the cluster.
  - Cluster Subnet Gateway: Specify the IP address of the subnet gateway for the cluster.
  - Cluster Subnet Mask: Specify the subnet mask for the subnet that the cluster is a part of.
  - IPMI Subnet Gateway: (Optional) Specify the IP address of the Subnet Gateway for the IPMI or iDrac network interfaces.
    Configuring IPMI while you create a cluster is optional. You can either specify the IPMI configuration when you create the cluster or after you create the cluster.
  - IPMI Subnet Mask: (Optional) Specify the Subnet Mask for the IPMI or iDrac Subnet.
  - IPMI Username: (Optional) Specify the IPMI username to connect to the IPMI interface for each of the nodes in the cluster. The cluster uses the IPMI username to get system health information about the nodes in the cluster.
    All nodes in the cluster must use the same IPMI username and IPMI password.
    Only alphanumeric characters and hyphens are allowed, but a hyphen cannot be the first character. The length cannot exceed 32 characters.
    The default IPMI username is admin.
    The cluster does not depend on the IPMI configuration to get system health information about the nodes. For ease of managing the nodes remotely, you can configure IPMI.
    The IPMI username and password can be set for each node in the cluster and can be different than the IPMI credentials configured for the cluster. The username length should not exceed 16 characters.
  - IPMI Password: (Optional) Specify the IPMI password to connect to the IPMI interface for each node in the cluster.
    All nodes in the cluster must use the same IPMI username and IPMI password.
    The password can be 8 to 16 characters. It cannot include the following characters: dollar sign ($), asterisk (*), quotation ("), single quotation (`), or backslash (\).
    The default IPMI password is admin.
    After you create the cluster, change the default password. For more information, see Changing the default administrator password.
    The IPMI password can be set for each node in the cluster, and the password can be different from the IPMI password that is configured for the cluster. The password can be 8 to 16 characters. It can include at least the following three characters:
    - Uppercase
    - Lowercase
    - Numbers
    - Special characters, such as: _, -, @, #, ^, &, !, +, ~.
  - Search Domains: Specify a domain search list for hostname lookup.
  - DNS Servers: The IP addresses of the Domain Name System (DNS) servers that the cluster should use. Separate multiple IPs with commas. Ensure that the Active Directory DNS IP address (if applicable) is listed first. Verify that the specified DNS server can resolve the NTP servers and other entities in the system.
  - NTP Servers: Use the external Google Public Network Time Protocol (NTP) servers, specifying multiple servers (time1.google.com, time2.google.com, time3.google.com, time4.google.com). Avoid use of the pool.ntp.org or time.nist.org NTP servers, as they are sometimes unavailable and their IP addresses tend to change. If you are using an internal NTP server, use only one server (and no external servers). Specify the IP address or the Fully Qualified Domain Name of the NTP servers. The cluster uses the specified NTP server to synchronize the time on all nodes in the cluster.
    Note: For assistance with using a Windows NTP server, contact IBM® Support.
    Also, toggle Use Authentication Key to secure the communication between the NTP server and the cluster. In the Key ID field, enter the Key ID that is associated with the SHA-1 key and in the Key field, enter the SHA-1 key.
    Note: Only SHA-1 Keys are supported.
  - Configure Apps management network: Specify the private IPv4 address for the app subnets. The default IP 192.168.0.0/16 is used for app subnets. If the default IP 192.168.0.0/16 is allocated to a node network, cluster network, or any other network, provide any other private network IP range.
    Only a private IP range with a minimum subnet size /24 and a maximum subnet size /12 is supported.
- Optionally, toggle Encryption on. Enabling encryption for a cluster encrypts all data that is to be stored on the cluster.
  Note: To encrypt an entire cluster, you must specify the encryption option when you create the cluster. After a cluster is created, cluster encryption is not editable. If encryption is not enabled for a cluster, you can enable encryption at the Storage Domain level.
  Beginning with version 7.0.1, clusters use AES-256 encryption in the CBC mode. For enhanced security, the clusters automatically use Galois/Counter Mode (GCM) encryption. The cluster provides a built-in Key Management Service (KMS) that automatically generates keys.
  After Encryption is enabled, the following options are available:
  - The Rotation Period is how often the cluster's encryption key is rotated. After the time period is reached, the old encryption key is replaced by a new key and the data on the cluster remains as it was originally encrypted. The Rotation Period default value is 90 days. You can change this to the value that you want.
  - FIPS is enabled to operate the cluster under Federal Information Processing Standard 140-2 certification.
    Note: Federal Information Processing Standard (FIPS) 140-2 certification is enabled by default and cannot be disabled.
- A partition and default Storage Domain are created automatically. All currently selected nodes are added to the partition.
- Specify a fully qualified domain name (FQDN). For a cluster that is hosted directly on IBM Storage Ready Node hardware, specify an FQDN that DNS round robin resolves to the specified VIPs. If you have not yet added the FQDN with VIPs to DNS, enter the FQDN but do not add the VIPs (see next point).
  Note: Best practice warrants a DNS entry for the cluster's FQDN and VIPs to achieve optimum cluster performance.
- Complete VIP Address fields. Specify individual virtual IP addresses or ranges of virtual IP addresses for the cluster. Specifying a VIP range means that network traffic to the cluster can be routed to a range of IP addresses instead of a single IP address. For better load balancing, specify the same number of VIPs as that of nodes in the cluster.
  Click Add VIP or VIP Range. If you do not have VIP addresses yet, leave these fields empty. After the cluster is created, you can add VIP addresses in the cluster UI. Select Settings > Networking and select the VIPs tab.
- Click Create Cluster. The page displays the cluster creation progress.
- Wait several minutes to allow services to restart. Click the displayed URL, and log in to the cluster by using the default System Admin account called admin, and the default password admin.
- Accept the license agreement. The system prompts you to validate the license either by connecting to IBM Storage Defender Data Management Service or by deploying On Prem and providing the license key.
- You might be presented with an IBM Storage Defender Data Protect End User License Agreement. All IBM terms and conditions agreed to upon the purchase, download and/or install of this software supersede any terms and conditions that are seen here. Click Agree to proceed with the installation.
- Select SaaS or On Prem configurations and click Connect.
- In the Change Password dialog box, enter and confirm the new password for the System Admin account. The minimum length of the password must be 8 characters. An Overview Dashboard page displays.
  Tip: If the cluster creation process is stuck or succeeds with warnings, see Resolving node detection and cluster creation issues. If an issue is detected, make corrections before you continue.
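
The naming, IPMI credential and apps-subnet rules from the settings table can be checked before the values are entered in the form. The following Python check is an added example, not IBM code; the dictionary keys, the `check_settings` helper and the sample values are hypothetical, and "private IP range" is assumed to mean the RFC 1918 blocks.

```python
import ipaddress
import re

# Rules as stated in the settings table above.
CLUSTER_NAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
IPMI_USER = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")
IPMI_PW_FORBIDDEN = set('$*"`\\')
# Assumption: "private IP range" means the RFC 1918 blocks.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_settings(s):
    """Return the problems found in a dict of planned settings (hypothetical keys)."""
    problems = []
    name = s.get("cluster_name", "")
    if len(name) > 32 or not CLUSTER_NAME.fullmatch(name):
        problems.append("cluster_name: bad characters, hyphen placement or length")
    user, pw = s.get("ipmi_username"), s.get("ipmi_password")
    if user is not None and (len(user) > 32 or not IPMI_USER.fullmatch(user)):
        problems.append("ipmi_username: bad characters or length")
    if pw == "admin":
        problems.append("ipmi_password: documented default, change it")
    elif pw is not None and not 8 <= len(pw) <= 16:
        problems.append("ipmi_password: must be 8 to 16 characters")
    if pw is not None and IPMI_PW_FORBIDDEN & set(pw):
        problems.append("ipmi_password: contains a forbidden character")
    try:
        apps = ipaddress.ip_network(s.get("apps_subnet", "192.168.0.0/16"))
    except ValueError:
        return problems + ["apps_subnet: not a valid network"]
    if apps.version != 4 or not any(apps.subnet_of(p) for p in PRIVATE):
        problems.append("apps_subnet: not a private IPv4 range")
    elif not 12 <= apps.prefixlen <= 24:
        problems.append("apps_subnet: prefix must be between /12 and /24")
    # The default 192.168.0.0/16 must not collide with node or cluster networks.
    for other in s.get("other_networks", []):
        if apps.overlaps(ipaddress.ip_network(other, strict=False)):
            problems.append(f"apps_subnet: overlaps {other}")
    return problems


# Constructed sample: the default apps subnet collides with the node network.
SAMPLE = {"cluster_name": "dp-cluster-01", "ipmi_username": "ipmi-ops",
          "ipmi_password": "Xk7#pQ2@vLm9", "apps_subnet": "192.168.0.0/16",
          "other_networks": ["192.168.10.0/24", "10.20.0.0/16"]}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE):
        print(problem)
```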