Storage Policies

Enable AES256 for SSE

Information

We are now going to create an encrypted storage policy. Normally, software applications such as Rubrik, Veeam, CommVault etc. will encrypt the data, so there would be no need to re-encrypt again at the Storage Policy level. In our case we will assume we must enable it. By default HyperStore uses AES128, however we are going to enable the more secure AES256.

Instruction

Log-in to your config node1 using SSH as sa_admin user and CMC admin password. You will get a menu asking us to start a new session, or a sessionless shell. Select either.

Instructions

From within our HSH session, issue the following command to check the existing setting:
```
hsctl config get s3.sse.aes256
```
Set s3.sse.AES256 to be true
```
hsctl config set s3.sse.aes256=true
```
Apply the setting
```
hsctl config apply s3
```
Restart the s3 service to commit the change
```
hsctl service restart s3 --nodes=ALL
```

Create RF Policy

Instructions

Select Cluster Tab
Select Storage Policies Sub-Tab
Click + Create Storage Policy
Type “SRF3” as Policy Name
Type “Secure Replication Factor 3” under description
Leave Number of Datacenters as 1
Ensure Replicas within Single Datacenter is selected
Check or Change number of Replicas to 3

Instructions

Set Server-Side Encryption to SSE
Click Save

Important

It is strongly recommended to keep Workload type as 'Default' even if you are using one of the software applications shown in the drop-down menu. Consult with your Cloudian Sales reps and Cloudian Support to see if a specific option is right for your deployment.

Some application buckets require a unique Storage Policy to be assigned to them, for instance Veeam. Be aware of the application requirements so you can ensure your bucket/storage policy configuration is correct.