Shared file system access among IBM Storage Scale clusters
IBM Storage Scale allows you to share data between separate clusters within a location or across a WAN.
IBM Storage Scale clusters are independently managed, but IBM Storage Scale also shares data access through remote cluster mounts. This is known as a multicluster environment. When multiple clusters are configured to access the same IBM Storage Scale file system, IBM® Global Security Kit (GSKit) is used to authenticate and check authorization for all network connections.
With GSKit, all messages within and across clusters are authenticated. You can also configure a cipherList so that messages are encrypted in transit.
- The cluster that is hosting the file system can specify different security levels for each cluster authorized to mount a particular file system.
- The local cluster can remain active while changing security keys. Periodic changing of keys is necessary for a variety of reasons:
  - The number of keys should remain small to facilitate good performance.
  - Key changes prevent use or continued use of compromised keys.
  - As a matter of policy, some institutions require security keys to be changed periodically.
IBM Storage Scale uses public key authentication in a manner similar to the host-based authentication mechanism of OpenSSH. Each cluster has a pair of these keys that identifies the cluster. In addition, each cluster has an authorized_keys list. Each line in the authorized_keys list contains the public key of one remote cluster and a list of the file systems that the cluster is authorized to mount. For more information, see Accessing a remote GPFS file system.
For more information, see Introduction to Active File Management (AFM).