Troubleshooting
Problem
Vormetric DSM V6.0.2, V6.0.3 and V6.1.x user interface do not support creation of KMIP objects such as the Master Encryption Keys (MEKs) used by Spectrum Scale encryption, and as a result, Spectrum Scale encryption cannot use these DSM releases.
If Vormetric DSM V5.x is upgraded to DSM V6.0.2, V6.0.3 and V6.1.x, existing Master Encryption Keys (MEKs) used by Spectrum Scale encryption will not be considered KMIP objects by DSM and cannot be served to Spectrum Scale encryption clients. In this case, Spectrum Scale daemon log (/var/adm/ras/mmfs.log.latest) will log the error below when an encrypted file is being created or accessed:
2018-09-29_14:45:43.911-0400: [E] Unable to create encrypted file testfile (inode 194560, fileset 0, file system home). 2018-09-29_14:45:43.911-0400: [E] Key '31b8f1ba-d014-31a0-ad49-2dedefe50740' was not found on RKM ID 'DSM'.
Environment
Spectrum Scale Encryption users with key server running DSM V6.0.2, V6.0.3 and V6.1.x. Spectrum Scale Encryption users who upgrade from DSM 5.x to DSM V6.0.2, V6.0.3 and V6.1.x.
Diagnosing The Problem
If Spectrum Scale Encryption is configured with Vormetric DSM V5.x up to DSM v 6.0.1, do not upgrade DSM to V6.0.2, V6.0.3 and V6.1.x.
If DSM V5.x has been upgraded to DSM V6.0.2, V6.0.3, V6.1.x and you can no longer access encrypted files, please contact Thales support to assist with DSM downgrade process. Once downgrade is done properly, DSM should be able to serve encryption keys to Spectrum Scale encryption clients.
For more information on Thales' plans for delivering the ability of the DSM user interface to create encryption keys that can be used by Spectrum Scale, please contact Thales at https://www.thalesesecurity.com/support.
Resolving The Problem
Was this topic helpful?
Document Information
Modified date:
25 July 2019
UID
ibm10734479