Skip to content

img0

Storage Policies

Enable AES256 for SSE

Information

We are now going to create an encrypted storage policy. Normally, software applications such as Rubrik, Veeam, CommVault etc. will encrypt the data, so there would be no need to re-encrypt again at the Storage Policy level. In our case we will assume we must enable it. By default HyperStore uses AES128, however we are going to enable the more secure AES256.

Instruction

Log-in to your config node1 using SSH as sa_admin user and CMC admin password. You will get a menu asking us to start a new session, or a sessionless shell. Select either.

Instructions

  1. From within our HSH session, issue the following command to check the existing setting: 
    hsctl config get s3.sse.aes256
  2. Set s3.sse.AES256 to be true 
    hsctl config set s3.sse.aes256=true
  3. Apply the setting 
    hsctl config apply s3
  4. Restart the s3 service to commit the change 
    hsctl service restart s3 --nodes=ALL

Check License

Instructions

  1. Log back into the CMC and confirm as admin
  2. Select Cluster Tab
  3. Select Cluster Config sub tab.

Confirm that the new license information is displayed as the following:

  • LICENSED MAX NET STORAGE: 100.00 TiB
  • OBJECT LOCK LICENSE: Certified ...
  • HYPERIQ LICENSE: ENTERPRISE

Create RF Policy

Instructions

  1. Select Cluster Tab
  2. Select Storage Policies Sub-Tab
  3. Click + Create Storage Policy
  4. Type “SRF3” as Policy Name
  5. Type “Secure Replication Factor 3” under description
  6. Leave Number of Datacenters as 1
  7. Ensure Replicas within Single Datacenter is selected
  8. Check or Change number of Replicas to 3

Instructions

  1. Set Server-Side Encryption to SSE
  2. Click Save

Important

It is strongly recommended to keep Workload type as 'Default' even if you are using one of the software applications shown in the drop-down menu. Consult with your Cloudian Sales reps and Cloudian Support to see if a specific option is right for your deployment.

Some application buckets require a unique Storage Policy to be assigned to them, for instance Veeam. Be aware of the application requirements so you can ensure your bucket/storage policy configuration is correct.