A cluster is a group of clients that share the same encryption rules. This section describes the prerequisites needed to protect clusters of ProtectFile clients. Also, the section describes how to create a cluster and link clients to it.
Information in this section is applicable to ProtectFile Linux clusters.
Coordinate with the client administrator to ensure the following:
The shared mounted location to protect exists on all clients.
Refer to "File Systems" in the ProtectFile Release Notes for the list of file systems for which ProtectFile supports the active-active or active-passive cluster configuration on cluster nodes running supported platforms.
Make sure the following are installed on all SLES 11 SP4 clients that will from the cluster:
SUSE Linux Enterprise Server 11 SP4 with all available online updates
SUSE Linux Enterprise High Availability Extension 11 SP4 (OpenAIS) with all available online updates
Make sure that the following cluster packages are installed on all RHEL 6 and RHEL 7 nodes that will from the cluster:
Package RHEL 6 RHEL 7 Red Hat Enterprise Linux High Availability (for RHEL X Server) rhel-ha-for-rhel-6- server-rpms rhel-ha-for-rhel-7-server-rpms Red Hat Enterprise Linux Resilient Storage (for RHEL X Server) rhel-rs-for-rhel-6- server-rpms rhel-rs-for-rhel-7-server-rpms
Refer to RHEL HA Installation for details.
Creating a Cluster
When creating a cluster, specify the name for the cluster, the unique name for the Windows cluster (for a cluster of clients running Windows), and the encryptor client for the Linux cluster (for a cluster of clients running Linux).
The following table lists the parameters that are required when creating or managing a cluster on the CipherTrust Manager:
|Friendly name for the cluster. The cluster will be identified by this name on the CipherTrust Manager. This field is mandatory.
|Cluster OS Type
|Operating system (Windows or Linux) running on all clients that will from the cluster. The default operating system is Windows.
|Windows Cluster Name
|(Applicable to ProtectFile Windows clusters) Unique name for the Windows cluster.
|(Applicable to ProtectFile Linux clusters) Name of the client that will perform encryption of data shared among clients in the cluster. If an encryptor client is not specified, data on the clients in the cluster cannot be encrypted. However, you can modify the cluster to specify the encryptor client later.
This document, may at times, abbreviate "encryptor client" to "encryptor."
ProtectFile provides options to view existing clusters, view and modify their details, and delete them when they are no longer required.
Linking a Client with a Cluster
After a cluster is created, clients can be added to it to complete the cluster. This is called cluster-client association. Each client in the cluster must be registered with the CipherTrust Manager.
ProtectFile supports both Windows and Linux clusters. Each client in a Linux cluster must be running a supported Linux platform. Similarly, each client in a Windows cluster must be running a supported Windows platform.
In case of a ProtectFile Windows cluster, encryption rules are deployed to paths on the cluster's shared disk. Authorized client users can access data stored in protected paths on the shared disk.
In case of a ProtectFile Linux cluster, encryption rules are deployed on paths shared among all clients in the cluster. The encryptor client specified during the creation of a Linux cluster is automatically linked to the cluster.
ProtectFile provides options to view the list of clients linked with a cluster.