IBM Support

IBM Spectrum Scale: Vormetric DSM V6.0.2, V6.0.3 and V6.1.x releases are not supported with IBM Spectrum Scale Encryption. Vormetric DSM V6.2 is supported with IBM Spectrum Scale Encryption.

Troubleshooting


Problem

Vormetric DSM V6.0.2, V6.0.3 and V6.1.x user interface do not support creation of KMIP objects such as the Master Encryption Keys (MEKs) used by Spectrum Scale encryption, and as a result, Spectrum Scale encryption cannot use these DSM releases.

If Vormetric DSM V5.x is upgraded to DSM V6.0.2, V6.0.3 and V6.1.x, existing Master Encryption Keys (MEKs) used by Spectrum Scale encryption will not be considered KMIP objects by DSM and cannot be served to Spectrum Scale encryption clients. In this case, Spectrum Scale daemon log (/var/adm/ras/mmfs.log.latest) will log the error below when an encrypted file is being created or accessed:

2018-09-29_14:45:43.911-0400: [E] Unable to create encrypted file testfile (inode 194560, fileset 0, file system home).
2018-09-29_14:45:43.911-0400: [E] Key '31b8f1ba-d014-31a0-ad49-2dedefe50740' was not found on RKM ID 'DSM'.

Environment

Spectrum Scale Encryption users with key server running DSM V6.0.2, V6.0.3 and V6.1.x. Spectrum Scale Encryption users who upgrade from DSM 5.x to DSM V6.0.2, V6.0.3 and V6.1.x.

Diagnosing The Problem

If Spectrum Scale Encryption is configured with Vormetric DSM V5.x up to DSM v 6.0.1, do not upgrade DSM to V6.0.2, V6.0.3 and V6.1.x.  

If DSM V5.x has been upgraded to DSM V6.0.2, V6.0.3, V6.1.x and you can no longer access encrypted files, please contact Thales support to assist with DSM downgrade process.  Once downgrade is done properly, DSM should be able to serve encryption keys to Spectrum Scale encryption clients.

For more information on Thales' plans for delivering the ability of the DSM user interface to create encryption keys that can be used by Spectrum Scale, please contact Thales at https://www.thalesesecurity.com/support.

Resolving The Problem

Fix is available in Vormetric DSM V6.2. Vormetric DSM V6.2 user interface supports creation of KMIP objects such as the Master Encryption Keys (MEKs) used by Spectrum Scale encryption.

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"STXKQY","label":"IBM Spectrum Scale"},"Component":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"}],"Version":"4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 5.0.0, 5.0.1, 5.0.2","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"STHMCM","label":"IBM Elastic Storage Server"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"3.5, 4.0, 4.5, 5.0, 5.1, 5.2, 5.3","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
25 July 2019

UID

ibm10734479