Other considerations
Consider these security, monitoring, and maintenance aspects while you are planning for the deployment of IBM Storage Scale on public clouds.
Planning for accessing a new IBM Storage Scale cluster
When accessing the IBM Storage Scale cluster from an on-premises environment, it is recommended to use a reliable and secure network connection between the on-premises and cloud environments.
The cloudkit supports the following ways to connect to the IBM Storage Scale cluster on the cloud:
- Jump host or bastion host
- Direct
- Cloud VM
- Directly connected leased, dedicated, and private connection
- A VPN encrypted connection established between the on-premise data center and cloud VPC.
If a jump host is preferred, it can be used as an intermediary server to provide secure access to other resources within the cloud network.
With a jump host, users first connect to it and then use it to connect to other resources in the network. This can be useful in scenarios where direct connectivity is not possible or desired.
If Cloud VM is preferred, cloudkit connects from a cloud VM that is deployed on the same cloud.
? Connectivity method to cloud: [Use arrows to move, type to filter]
> JumpHost | Recommended when cloudkit is executed from an on-premise/local VM and your network cannot reach your cloud private network (Provisions an intermediatory jump host)
Direct | Recommended when cloudkit is executed from an on-premise/local VM and your network is directly connected to your cloud network (e.g. AWS Direct Connect)
Cloud-VM | Recommended when cloudkit is executed from a cloud VM and you want to provision the scale VM(s) using the same VPC as the cloud VM
Planning for security
While cloudkit configures the scaled instances with limited permissions during deployment, it is important to note that security is ultimately the responsibility of the user. It is recommended to ensure adequate security measures are in place to protect the resources and data stored in the cloud environment. This includes using strong authentication and access controls, encrypting sensitive data, regularly monitoring and auditing access and activity logs, and keeping software and applications up to date with the latest security patches.
To ensure the security of your bastion private SSH key, it should be protected with file permissions of 400 or 600. This will restrict access to only the key's owner and prevent unauthorized access.
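The following shell functions are an added example, not part of cloudkit or the IBM documentation. They audit a private key file against the 400/600 rule above. The symlink and owner checks, and the function names, are assumptions introduced here.

```shell
#!/bin/sh
# Added example (not cloudkit code): audit a private key file against the
# 400/600 rule. The symlink and owner checks are assumptions added here.

# Print "<octal mode> <owner uid>" using GNU stat, falling back to BSD stat.
key_stat() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1" 2>/dev/null
}

# Return 0 only if the key is a regular file owned by the current user
# with mode 400 or 600; otherwise print the reason and return 1.
check_key_perms() {
    key=$1
    if [ -L "$key" ]; then
        echo "FAIL $key: symlink, audit the target file instead"; return 1
    fi
    if [ ! -f "$key" ]; then
        echo "FAIL $key: not a regular file"; return 1
    fi
    # Intentional word splitting: "600 1000" becomes $1=600, $2=1000.
    set -- $(key_stat "$key")
    mode=${1:-} owner=${2:-}
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL $key: owned by uid ${owner:-unknown}, not $(id -u)"; return 1
    fi
    case "$mode" in
        400|600) echo "OK   $key: mode $mode"; return 0 ;;
        *) echo "FAIL $key: mode ${mode:-unknown}, expected 400 or 600"; return 1 ;;
    esac
}

# Tighten a key to 600, then re-audit so the result is verified, not assumed.
harden_key() {
    chmod 600 "$1" && check_key_perms "$1"
}

# Audit every path given on the command line (no arguments: nothing to do).
for k in "$@"; do
    check_key_perms "$k" || true
done
```

Pass the path of the bastion private key as an argument to audit it, or source the file and call `harden_key` on the key to set mode 600 and confirm the result.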
Monitoring and maintenance
Regularly monitor the performance of your file system by using the IBM Storage Scale GUI / system health components, and perform routine maintenance to ensure that it continues to meet your requirements.
Infracost API key generation
- Sign up for an account on the Infracost website.
- Navigate to the API Keys section of your account settings.
- Click the New API Key button to generate a new API key.
- Copy the API key to your clipboard and use it when running infracost commands.
Infracost provides a quick and easy way to estimate the cost of cloud infrastructure before you deploy it, which can help you avoid unexpected charges and better plan your budget.