Planning for AWS cloud

Learn about prerequisites, configurations, and other important planning information that you must consider before the deployment of an IBM Storage Scale cluster on AWS.

Consider the following steps when you are planning for an IBM Storage Scale cluster on the public cloud of Amazon Web Services (AWS):
  1. Preparing the AWS environment to deploy the IBM Storage Scale cluster.
  2. Planning the virtual private cloud (VPC) architecture.
  3. Planning for DNS.
  4. Planning for bastion.
  5. Creating an IBM Storage Scale Amazon Machine Image (AMI) in advance.
  6. Planning for the IBM Storage Scale deployment architecture on AWS.
  7. Planning IBM Storage Scale cluster deployment profiles.
  8. Determining your performance, scalability, data availability, and data protection requirements.
  9. Planning cloudkit notifications.
  10. Planning for encryption at rest.

Preparing the AWS environment

Complete the following steps to prepare the AWS environment:
  1. Create an account in AWS, if you do not already have an account.
  2. Create the necessary IAM users along with the access key required for cloudkit to make programmatic requests to the AWS API. For more information, see Managing access keys for IAM users.
  3. Use the region selector in the navigation bar to choose the AWS region to deploy the IBM Storage Scale cluster.
  4. Create a key pair in the preferred region. For more information, see Amazon EC2 Key Pairs.
  5. Verify that the wanted AWS region and availability zone support the EC2 instance types that are chosen to be provisioned for the IBM Storage Scale storage and compute nodes. You can verify the AWS EC2 instance type from AWS console > EC2 Service Page > Instance Type.
  6. Verify the AWS EC2 quota limits and make sure that enough quotas exist for the EC2 instance types that you intend to deploy. Verify the AWS EC2 quota limits from AWS console > EC2 Service Page > Limits.

    If necessary, request a service limit increase for the EC2 instance types that you intend to deploy from the AWS website. To request a service limit increase, in the AWS Support Center, choose Create Case > Service Limit Increase > EC2 instances, and then complete the fields in the Limit Increase form.

  7. Prepare the installer node where the cloudkit is meant to run. For more information, see Preparing the installer node.

Planning the virtual private cloud (VPC) architecture for AWS

When resources are being deployed in the cloud, the cloudkit can either create a new virtual private cloud (VPC) and provision the resources into it, or use a previously created VPC.

When the cloudkit creates a new VPC, the cloudkit designs your network infrastructure from scratch. It chooses the subnets, network address ranges, and security groups that best suit the IBM Storage Scale deployment.

A VPC can be created by using the cloudkit create network command, which creates only the VPC, or by using the cloudkit create cluster command.

The cloudkit can also deploy resources in a previously created virtual private cloud (VPC). For information about creating a VPC, see AWS documentation.

? VPC Mode:[Use arrows to move, type to filter]
> New
Existing

When the IBM Storage Scale cluster is to be deployed in an existing VPC, the following requirements must be met:
  • Mandatory: A DHCP options set or DNS is configured.
  • Mandatory: Private subnets (with allocatable IP addresses) exist in the availability zone (minimum 1 private subnet per availability zone).
  • Optional: A public subnet (a subnet with an internet gateway attached) is required only in either of the following cases:
    1. The cluster is planned to be accessed through a jump host. For more information, see Other considerations.
    2. It is necessary to precreate an IBM Storage Scale AMI. For more information, see Precreating an IBM Storage Scale AMI.
  • Optional: A NAT gateway attached to the private subnet is required only when the IBM Storage Scale instances need access to the internet (for example, for operating system updates and security patches).
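
One way to check an existing VPC against the requirements above before running cloudkit. This is an added example, not cloudkit's own validation; the function names and the sample data are hypothetical, and the inputs are constructed in the shape of `aws ec2 describe-vpcs`, `describe-subnets` and `describe-route-tables` output. It assumes that a VPC whose DhcpOptionsId is "default" has no DHCP options set.

```python
# Added example. Constructed inputs shaped like AWS CLI describe-* output.
VPC = {"VpcId": "vpc-0example", "DhcpOptionsId": "dopt-0example"}
SUBNETS = {"Subnets": [
    {"SubnetId": "subnet-pub", "AvailabilityZone": "us-east-1a", "AvailableIpAddressCount": 250},
    {"SubnetId": "subnet-a", "AvailabilityZone": "us-east-1a", "AvailableIpAddressCount": 120},
    {"SubnetId": "subnet-b", "AvailabilityZone": "us-east-1b", "AvailableIpAddressCount": 0},
]}
ROUTE_TABLES = {"RouteTables": [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    {"Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}]},
]}


def default_route_target(subnet_id, route_tables):
    """Return the 0.0.0.0/0 target of the subnet's route table, or '' if none."""
    chosen = None
    for table in route_tables["RouteTables"]:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                chosen = table            # an explicit association wins
            elif assoc.get("Main") and chosen is None:
                chosen = table            # otherwise the main table applies
    for route in (chosen or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId") or ""
    return ""


def audit_existing_vpc(vpc, subnets, route_tables, zones,
                       need_public=False, need_nat=False):
    """Return the unmet requirements (an empty list means the VPC is ready)."""
    problems, usable_zones, has_public, has_nat = [], set(), False, False
    if vpc.get("DhcpOptionsId", "default") == "default":
        problems.append("mandatory: no DHCP options set is associated with the VPC")
    for subnet in subnets["Subnets"]:
        target = default_route_target(subnet["SubnetId"], route_tables)
        if target.startswith("igw-"):
            has_public = True             # internet gateway route: public subnet
            continue
        has_nat = has_nat or target.startswith("nat-")
        if subnet["AvailableIpAddressCount"] > 0:
            usable_zones.add(subnet["AvailabilityZone"])
    for zone in zones:
        if zone not in usable_zones:
            problems.append(f"mandatory: no private subnet with free addresses in {zone}")
    if need_public and not has_public:
        problems.append("optional: jump host or AMI build needs a public subnet")
    if need_nat and not has_nat:
        problems.append("optional: internet access needs a NAT gateway route")
    return problems
```

Set need_public when a jump host or a precreated AMI is planned, and need_nat when the instances must reach the internet.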

Planning for DNS

You can create a DNS domain by using the cloudkit create dns command.

This command can create a new DNS zone or use an existing DNS zone:

? Do you wish to use an existing DNS zone:  (y/N)

To consult the available deployment options, issue the cloudkit create cluster command:

Remember: A cloud DNS is mandatory and must be created before you run the cloudkit create cluster command.

E: No existing DNS zones found. In order to configure, use 'cloudkit create dns'.

Planning for bastion

Use the cloudkit create jumphost command to create a jump host or bastion in the public subnet.

To consult the available deployment options, issue the cloudkit create cluster command:
? Bastion OS:  RHEL-9.2.0_HVM-20230905-x86_64-38-Hourly2-GP2 | ami-05a5f6298acdb05b6 | ec2-user 
? Bastion instance type:  t3.small   | vCPU(1)  | RAM (2.0 GiB) | CPU Credits/hr (12) 
? Key pair to be used for launching Bastion/Jumphost host instance(s):  prvnkeypair 
? Bastion/Jumphost SSH private key file path (will be used only for configuration):  /home/user1/.ssh/id_rsa 
? Bastion CIDR allow list:  xxx.xxx.xxx.xx/32 

The cloudkit provides the following options for VM instance types for a jump host:
  > t3.micro   | vCPU(1)  | RAM (1.0 GiB) | CPU Credits/hr (6) 
  t3.small   | vCPU(1)  | RAM (2.0 GiB) | CPU Credits/hr (12) 
  t3.medium  | vCPU(2)  | RAM (4.0 GiB) | CPU Credits/hr (24) 
  t3.large   | vCPU(2)  | RAM (8.0 GiB) | CPU Credits/hr (36) 
  m4.large   | vCPU(2)  | RAM (8.0 GiB) | Dedicated EBS Bandwidth (450 Mbps) 
  m4.xlarge  | vCPU(4)  | RAM (16 GiB)  | Dedicated EBS Bandwidth (750 Mbps) 
  m4.2xlarge | vCPU(8)  | RAM (32 GiB)  | Dedicated EBS Bandwidth (1000 Mbps) 
  m4.4xlarge | vCPU(16) | RAM (64 GiB)  | Dedicated EBS Bandwidth (2000 Mbps)

Precreating an IBM Storage Scale AMI

When the cloudkit is used to create an IBM Storage Scale cluster by using the cloudkit create cluster command, it can either automatically create a stock Amazon Machine Image (AMI) or the customer can provide a previously created custom image.

The cloudkit can automatically create an image by using Red Hat Enterprise Linux (RHEL) 8.10 or 9.4. When the option to use a stock image is chosen, the cloudkit automatically performs all required actions to create an IBM Storage Scale VM image and create the IBM Storage Scale cluster.

A custom image can be created by using the cloudkit create image command. The create image command can accept inputs in the form of an existing image or provides the ability to create an image from a Red Hat OS image.

A custom existing image consists of:
  1. A Red Hat version that is supported by IBM Storage Scale.
  2. Optionally, any customer applications that are already preinstalled. The cloudkit create image command installs all required IBM Storage Scale packages on top of the existing image.

Planning for the IBM Storage Scale deployment architecture on AWS

Before the IBM Storage Scale cluster can be created on the cloud, the deployment architecture must be planned.

The cloudkit offers the following deployment models for IBM Storage Scale clusters:
  • Combined-compute-storage
    A unified IBM Storage Scale cluster with both storage and compute nodes. It is recommended that any customer workload runs only on the compute nodes.
  • Compute-only
    An IBM Storage Scale cluster that only consists of compute nodes. This cluster does not have any local file system and therefore must remote mount the file system from an IBM Storage Scale storage cluster.
  • Storage-only
    This IBM Storage Scale cluster consists of only storage nodes, which have access to storage where the file system is created. This file system is remote mounted to any number of compute-only IBM Storage Scale clusters.

When you run the cloudkit create cluster command, the following prompt asks the user to select from among the different deployment models that are offered:


? IBM Spectrum Scale deployment model:[Use arrows to move, type to filter, ? for more help]
> Storage-only
Compute-only
Combined-compute-storage

Deployment purpose

The deployment purpose is applicable only to storage clusters.

  • Non-production
    This profile lists instance types that are experimental (best suited for proof of concepts) and may require tuning for running scale-suited workloads.
  • Production
    This profile lists instance types that are well suited for scale workloads. Optimal tuning parameters are calculated and set during the deployment.

When the next prompt appears, select one of the supported deployment purposes.

? IBM Storage Scale deployment model: Storage-only
? Deployment purpose: [Use arrows to move, type to filter]
Non-Production
> Production

IBM Storage Scale cluster deployment profiles

Cloudkit offers the following deployment profiles:
  • Throughput-Performance-Persistent-Storage
    This profile uses a single availability zone with persistent storage, which means that the file system device retains data after the instance is stopped. In this mode, the cloudkit calculates the number of storage nodes based on the provided file system capacity. This mode uses gp3 as disk type.
    Important: When you choose this profile, the file system is configured in such a manner that the data is not replicated; only the metadata gets replicated across the instances.
  • Throughput-Performance-Scratch-Storage
    This profile uses a single availability zone and a placement group with cluster policy, which means that it packs instances close together inside an availability zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly coupled node-to-node communication that is typical of high-performance computing (HPC) applications. The profile uses instance (temporary) storage, which means that the file system device loses data after the instance is stopped.

    In this mode, the number of storage instances is limited to 10; compute instances are limited to 65.

    Important: This profile uses local NVMe SSD or instance storage, which offers high performance and low latency for data-intensive workloads. However, the data that is stored in this mode is volatile and can be lost if the instance is stopped or terminated. Therefore, it is recommended to take frequent backups.

    This profile must not be used for long-term storage or if the data is not backed up elsewhere.

  • Throughput-Advance-Persistent-Storage
    This profile uses a single availability zone with persistent storage, which means that the file system device retains data after the instance is stopped. This mode is meant for storage capacity rather than performance; the number of storage instances is limited to 64, and compute instances are limited to 65. This profile offers these disk types to choose from: gp2, gp3, and io1.
    Important: When you choose this profile, the file system is configured in such a manner that the data is not replicated; only the metadata gets replicated across the instances.
  • Balanced
    This profile uses multiple (3) availability zones to deploy the IBM Storage Scale cluster into. In this mode, the number of storage instances is limited to 64. It offers a choice of disk types gp2, gp3, and io1.
    Important: The IBM Storage Scale file system is configured in such a way that data and metadata get replicated across availability zones.
    Instances are spread across the first two availability zones that are specified in the selection, and the tie-breaker instance gets provisioned in the third availability zone that is specified during the selection.

? Tuning profile: [Use arrows to move, type to filter, ? for more help]
  Throughput-Performance-Scratch-Storage
> Throughput-Performance-Persistent-Storage
  Throughput-Advance-Persistent-Storage
  Balanced

Determining your performance, scalability, data availability, and data protection requirements

Before deploying the IBM Storage Scale cluster, it is important to understand your requirements in terms of performance, scalability, data availability, and data protection. These criteria determine which AWS instance types to use for the storage nodes and compute nodes, and which Elastic Block Store types to use.

The cloudkit provides the following choices for VM instance types.

For IBM Storage Scale compute nodes, all the VM instance types are supported, according to their availability per region.

For IBM Storage Scale storage nodes, the support depends on the profile, as described in the following list.

  • For the Throughput-Performance-Persistent-Storage and Balanced profiles, the following VM instance types are supported.
    m6in.2xlarge  | 8 vCPU   | 32 GiB RAM  | Network Bandwidth Up to 40 Gbps  | EBS Bandwidth Up to 25 Gbps
    m6in.4xlarge  | 16 vCPU  | 64 GiB RAM  | Network Bandwidth Up to 50 Gbps  | EBS Bandwidth Up to 25 Gbps
    m6in.8xlarge  | 32 vCPU  | 128 GiB RAM | Network Bandwidth 50 Gbps        | EBS Bandwidth 25 Gbps
    m6in.12xlarge | 48 vCPU  | 192 GiB RAM | Network Bandwidth 75 Gbps        | EBS Bandwidth 37.5 Gbps
    m6in.16xlarge | 64 vCPU  | 256 GiB RAM | Network Bandwidth 100 Gbps       | EBS Bandwidth 50 Gbps
    m6in.24xlarge | 96 vCPU  | 384 GiB RAM | Network Bandwidth 150 Gbps       | EBS Bandwidth 75 Gbps
    m6in.32xlarge | 128 vCPU | 512 GiB RAM | Network Bandwidth 200 Gbps       | EBS Bandwidth 100 Gbps
    c6in.2xlarge  | 8 vCPU   | 16 GiB RAM  | Network Bandwidth Up to 40 Gbps  | EBS Bandwidth Up to 25 Gbps
    c6in.4xlarge  | 16 vCPU  | 32 GiB RAM  | Network Bandwidth Up to 50 Gbps  | EBS Bandwidth Up to 25 Gbps
    c6in.8xlarge  | 32 vCPU  | 64 GiB RAM  | Network Bandwidth 50 Gbps        | EBS Bandwidth 25 Gbps
    c6in.12xlarge | 48 vCPU  | 96 GiB RAM  | Network Bandwidth 75 Gbps        | EBS Bandwidth 37.5 Gbps
    c6in.16xlarge | 64 vCPU  | 128 GiB RAM | Network Bandwidth 100 Gbps       | EBS Bandwidth 50 Gbps
    c6in.24xlarge | 96 vCPU  | 192 GiB RAM | Network Bandwidth 150 Gbps       | EBS Bandwidth 75 Gbps
    c6in.32xlarge | 128 vCPU | 256 GiB RAM | Network Bandwidth 200 Gbps       | EBS Bandwidth 100 Gbps
    
  • For the Throughput-Performance-Scratch-Storage profile, the following VM instance types are supported.

      i3en.2xlarge   | 8 vCPU    | 64 GiB RAM   | Instance Storage 2 x 2500 NVMe SSD   | Network Bandwidth Up to 25 Gbps  | EBS Bandwidth Up to 4.75 Gbps
      i3en.3xlarge   | 12 vCPU   | 96 GiB RAM   | Instance Storage 1 x 7500 NVMe SSD   | Network Bandwidth Up to 25 Gbps  | EBS Bandwidth Up to 4.75 Gbps
      i3en.6xlarge   | 24 vCPU   | 192 GiB RAM  | Instance Storage 2 x 7500 NVMe SSD   | Network Bandwidth 25 Gbps        | EBS Bandwidth 4.75 Gbps
      i3en.12xlarge  | 48 vCPU   | 384 GiB RAM  | Instance Storage 4 x 7500 NVMe SSD   | Network Bandwidth 100 Gbps       | EBS Bandwidth 9.5 Gbps
      i3en.24xlarge  | 96 vCPU   | 768 GiB RAM  | Instance Storage 8 x 7500 NVMe SSD   | Network Bandwidth 100 Gbps       | EBS Bandwidth 19 Gbps
  • For the Throughput-Advance-Persistent-Storage profile, the following VM instance types are supported.

    m6in.2xlarge  | 8 vCPU   | 32 GiB RAM  | Network Bandwidth Up to 40 Gbps | EBS Bandwidth Up to 25 Gbps 
    m6in.4xlarge  | 16 vCPU  | 64 GiB RAM  | Network Bandwidth Up to 50 Gbps | EBS Bandwidth Up to 25 Gbps 
    m6in.8xlarge  | 32 vCPU  | 128 GiB RAM | Network Bandwidth 50 Gbps       | EBS Bandwidth 25 Gbps 
    m6in.12xlarge | 48 vCPU  | 192 GiB RAM | Network Bandwidth 75 Gbps       | EBS Bandwidth 37.5 Gbps 
    m6in.16xlarge | 64 vCPU  | 256 GiB RAM | Network Bandwidth 100 Gbps      | EBS Bandwidth 50 Gbps 
    m6in.24xlarge | 96 vCPU  | 384 GiB RAM | Network Bandwidth 150 Gbps      | EBS Bandwidth 75 Gbps 
    m6in.32xlarge | 128 vCPU | 512 GiB RAM | Network Bandwidth 200 Gbps      | EBS Bandwidth 100 Gbps 
    c6in.2xlarge  | 8 vCPU   | 16 GiB RAM  | Network Bandwidth Up to 40 Gbps | EBS Bandwidth Up to 25 Gbps 
    c6in.4xlarge  | 16 vCPU  | 32 GiB RAM  | Network Bandwidth Up to 50 Gbps | EBS Bandwidth Up to 25 Gbps 
    c6in.8xlarge  | 32 vCPU  | 64 GiB RAM  | Network Bandwidth 50 Gbps       | EBS Bandwidth 25 Gbps 
    c6in.12xlarge | 48 vCPU  | 96 GiB RAM  | Network Bandwidth 75 Gbps       | EBS Bandwidth 37.5 Gbps 
    c6in.16xlarge | 64 vCPU  | 128 GiB RAM | Network Bandwidth 100 Gbps      | EBS Bandwidth 50 Gbps 
    c6in.24xlarge | 96 vCPU  | 192 GiB RAM | Network Bandwidth 150 Gbps      | EBS Bandwidth 75 Gbps 
    c6in.32xlarge | 128 vCPU | 256 GiB RAM | Network Bandwidth 200 Gbps      | EBS Bandwidth 100 Gbps

For more information on choosing instance types, see choosing instance types in AWS documentation.
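
The profile limits, the per-profile storage node instance lists, and steps 5 and 6 of preparing the AWS environment can be combined into one plan check. This is an added example, not part of cloudkit; check_plan and vcpu_headroom (the unused part of the EC2 vCPU quota) are hypothetical names, and the offerings input is constructed in the shape of `aws ec2 describe-instance-type-offerings --location-type availability-zone` output.

```python
# Added example: limits and instance lists are taken from this page.
VCPUS = {"2xlarge": 8, "3xlarge": 12, "4xlarge": 16, "6xlarge": 24, "8xlarge": 32,
         "12xlarge": 48, "16xlarge": 64, "24xlarge": 96, "32xlarge": 128}
EBS_BACKED = {f"{family}.{size}" for family in ("m6in", "c6in")
              for size in ("2xlarge", "4xlarge", "8xlarge", "12xlarge",
                           "16xlarge", "24xlarge", "32xlarge")}
SCRATCH = {f"i3en.{size}"
           for size in ("2xlarge", "3xlarge", "6xlarge", "12xlarge", "24xlarge")}

# profile: (availability zones, storage node types, max storage, max compute)
PROFILES = {
    "Throughput-Performance-Persistent-Storage": (1, EBS_BACKED, None, None),
    "Throughput-Performance-Scratch-Storage": (1, SCRATCH, 10, 65),
    "Throughput-Advance-Persistent-Storage": (1, EBS_BACKED, 64, 65),
    "Balanced": (3, EBS_BACKED, 64, None),
}

OFFERINGS = {"InstanceTypeOfferings": [   # constructed sample
    {"InstanceType": "i3en.6xlarge", "Location": "us-east-1a"},
    {"InstanceType": "m6in.8xlarge", "Location": "us-east-1a"},
    {"InstanceType": "m6in.8xlarge", "Location": "us-east-1c"},
]}


def check_plan(profile, storage_type, storage_nodes, compute_nodes,
               zones, offerings, vcpu_headroom):
    """Return a list of problems with a planned storage cluster (empty = none)."""
    zone_count, supported, max_storage, max_compute = PROFILES[profile]
    problems = []
    if len(set(zones)) != zone_count:
        problems.append(f"{profile} needs {zone_count} availability zone(s)")
    if storage_type not in supported:
        problems.append(f"{storage_type} is not a storage node type for {profile}")
    if max_storage is not None and storage_nodes > max_storage:
        problems.append(f"storage nodes limited to {max_storage}")
    if max_compute is not None and compute_nodes > max_compute:
        problems.append(f"compute nodes limited to {max_compute}")
    offered = {(o["InstanceType"], o["Location"])
               for o in offerings["InstanceTypeOfferings"]}
    # Balanced spreads storage nodes over the first two selected zones.
    storage_zones = zones[:2] if zone_count == 3 else zones
    for zone in storage_zones:
        if (storage_type, zone) not in offered:
            problems.append(f"{storage_type} is not offered in {zone}")
    # EC2 On-Demand quotas are counted in vCPUs; only storage nodes are counted.
    needed = storage_nodes * VCPUS.get(storage_type.partition(".")[2], 0)
    if needed > vcpu_headroom:
        problems.append(
            f"storage nodes need {needed} vCPUs, quota headroom is {vcpu_headroom}")
    return problems
```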

The cloudkit provides the following choices for the disks (AWS Elastic Block storage) that can be attached to the IBM Storage Scale storage nodes:
  • gp2
  • gp3
  • io1

For more information on choosing appropriate EBS volumes, see Choosing the appropriate EBS volumes in Amazon Web Service documentation.

Planning cloudkit notifications

The following prompt offers the option of subscribing to an Amazon Simple Notification Service (Amazon SNS). A confirmation message is sent to the provided email address; to receive the cloudkit notifications, the user needs to confirm the subscription.

? Operator Email (Optional):  cloudkit@example.com

Planning for encryption at rest

The cloudkit offers an easy and simplified way to enable EBS encryption used by IBM Storage Scale instances. For more information, see Amazon EBS encryption in AWS documentation.

During the interactive method of cloudkit create cluster, the following encryption-related questions are shown:

? EBS Disk type:  gp2
? Do you wish to encrypt boot and data volumes:  Yes
? Block device encryption key (Key ID/key ARN/Alias Name/Alias ARN) (Optional):  xxxxxx

The "Do you wish to encrypt boot and data volumes" prompt offers the following options.
  • Specify No. The EBS volumes corresponding to root and data remain unencrypted.

  • Specify Yes and do not provide a block device encryption key. The EBS volumes corresponding to root and data are encrypted by using the default key that is provided by AWS.

  • Specify Yes and provide a block device encryption key. The EBS volumes corresponding to root and data are encrypted by using the key that you provided.

Note:
  • If the key used for encrypting the IBM Storage Scale EBS volumes is deleted, data cannot be retrieved.

  • An invalid key, or a user configured to run cloudkit who lacks permissions to read the key, leads to failures.

Limitations

  • Throughput-Performance-Scratch-Storage is not encrypted through cloudkit, because the disks provided with the scratch profile instance types (instance storage) are hardware encrypted internally by using an XTS-AES-256 block cipher. Hence, external encryption is not required.

  • Encryption cannot be turned on or off after the EBS volume is created. This limitation means that unencrypted volumes that are created through cloudkit cannot be encrypted later and vice versa.

  • Key rotation and life-cycle management are the responsibility of the users.

  • If the key used for encrypting IBM Storage Scale is deleted, data cannot be retrieved.
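
A pre-flight check for the block device encryption key, covering the failure cases in the notes above: an invalid identifier, a key the cloudkit user cannot read, and a key that is scheduled for deletion. This is an added example, not part of cloudkit; the function names and sample responses are hypothetical, and the responses are constructed in the shape of `aws kms describe-key` output, with None standing in for a call that failed (key not found or access denied).

```python
import re

# Added example. The four identifier forms are the ones the prompt names.
UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
KEY_ID = rf"(?:mrk-[0-9a-f]{{32}}|{UUID})"      # mrk- prefix: multi-Region key
ARN = r"arn:aws[a-z-]*:kms:[a-z0-9-]+:[0-9]{12}:"
ALIAS = r"alias/[A-Za-z0-9/_-]+"
FORMS = {
    "key ID": re.compile(KEY_ID),
    "key ARN": re.compile(ARN + "key/" + KEY_ID),
    "alias name": re.compile(ALIAS),
    "alias ARN": re.compile(ARN + ALIAS),
}

# Constructed samples shaped like `aws kms describe-key` output.
ENABLED_KEY = {"KeyMetadata": {"KeyState": "Enabled",
                               "KeySpec": "SYMMETRIC_DEFAULT",
                               "KeyUsage": "ENCRYPT_DECRYPT"}}
DOOMED_KEY = {"KeyMetadata": {"KeyState": "PendingDeletion",
                              "KeySpec": "SYMMETRIC_DEFAULT",
                              "KeyUsage": "ENCRYPT_DECRYPT",
                              "DeletionDate": "2030-01-01T00:00:00Z"}}


def identifier_form(value):
    """Return which of the four accepted forms the value has, or None."""
    for name, pattern in FORMS.items():
        if pattern.fullmatch(value):
            return name
    return None


def preflight(identifier, describe_key):
    """Return reasons not to use this key for EBS encryption (empty = usable)."""
    problems = []
    if identifier_form(identifier) is None:
        problems.append("not a key ID, key ARN, alias name or alias ARN")
    meta = (describe_key or {}).get("KeyMetadata")
    if meta is None:
        problems.append("key not found or not readable by the cloudkit user")
        return problems
    state = meta.get("KeyState")
    if state == "PendingDeletion":
        problems.append(f"key is scheduled for deletion on {meta.get('DeletionDate')}; "
                        "volumes encrypted with it become unrecoverable")
    elif state != "Enabled":
        problems.append(f"key state is {state}, not Enabled")
    if (meta.get("KeySpec") != "SYMMETRIC_DEFAULT"
            or meta.get("KeyUsage") != "ENCRYPT_DECRYPT"):
        problems.append("EBS encryption needs a symmetric encryption key")
    return problems
```

Run the describe-key call with the same IAM credentials that cloudkit uses, so that a permissions gap shows up here rather than during deployment.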