Setting up CTE and Quantum StorNext Integration
For the most part, CTE integration with Quantum StorNext is the same as for any standard file system. The next section provides an overview of the steps involved in making CTE work with SNFS. Later sections provide more information about the steps that are new or differ significantly from a typical CTE setup.
Integration Task Overview
The table below provides an overview of the steps involved in setting up SNFS and CTE to work together. As noted in the table, some of these tasks are described in the documentation for your selected key manager. Some of these steps may need to be performed by other staff members at your organization if you have divided the security administration duties as recommended by Thales and you don’t have access to the key manager.
Task | Key configuration notes | For more information |
---|---|---|
Install and configure a Quantum StorNext MDC server for use with CTE | Disable the StorNext read-ahead cache. Only certain StorNext policies, features, and mount types are supported. See Supported StorNext Server and Client Configurations. |
See Installing and Configuring a Quantum StorNext MDC Server for Use with CTE. |
Install and configure Quantum StorNext clients for use with CTE | Ensure that SNFS starts before secfs. See Ensuring that the StorNext SNFS File System Starts Before secfs. Only certain operating systems are supported. See Supported StorNext Server and Client Configurations. |
See Installing and configuring Quantum StorNext DLC Clients for Use with CTE. |
Create a domain for one or more SNFS hosts, or add them to an existing domain | No difference from standard CTE agent configuration. | See “Domain Management” in your key manager documentation. |
Add the host to the key manager | No difference from standard CTE agent configuration. | See “Configuring Hosts and Host Groups” in your key manager documentation. |
Install and register the CTE Agent on the host system | No difference in installation. | See Getting Started with CTE for Linux |
Create encryption keys (optional) | No difference from standard CTE agent configuration. | See “Managing Keys” in your key manager documentation. For information about AES-CBC-CS1 keys, see Enhanced Encryption Mode. |
Configure host groups containing one or more StorNext LAN clients (optional) | No difference from standard CTE agent configuration. | See “Configuring Hosts and Host Groups” in your key manager documentation. |
Configure policies (including user, process, and resource sets) to control access or enable encryption | No difference from standard CTE agent configuration. | See “Configuring Policies” in your key manager documentation. |
Configure one or more GuardPoints | Some GuardPoint settings are not supported. See Supported GuardPoint and Key Settings for SNFS File Systems. | See “Managing GuardPoints” in your key manager documentation |
Installing and Configuring a Quantum StorNext MDC Server for Use with CTE
Install and configure a Quantum StorNext metadata controller (MDC) server using the Quantum StorNext documentation as a guide. The CTE integration works with Linux StorNext MDCs. Ensure that you configure the StorNext server to work with the settings supported by CTE as listed in Supported StorNext Server and Client Configurations. For example, you must disable the StorNext read-ahead cache and only certain StorNext policies, features, and mount types are supported.
Installing and Configuring Quantum StorNext DLC Clients for Use with CTE
Install and configure Quantum StorNext DLC clients using the Quantum StorNext documentation as a guide. The CTE integration works with Linux StorNext DLCs.
Ensure that you configure DLC clients to work with the settings supported by CTE as listed in Supported StorNext Server and Client Configurations. For example, only certain operating systems are supported.
Just read-only access is supported if multiple StorNext LAN clients will access files in the same GuardPoint. For more information, see Supported Concurrent Access Read/Write Scenarios.
Ensuring that the StorNext SNFS File System Starts Before secfs
For CTE to function properly for Linux SNFS clients, the SNFS service must start before the CTE secfs
service. Add an entry for the SNFS file system to /etc/fstab
on each Linux client that has a CTE agent installed on it. Use the following format:
/snfs_share /stornext/snfs1 cvfs defaults,diskproxy=client 0 0
In this example, /snfs_share
should be a share that has been exported from the StorNext Server. It should not be a local disk. You may have completed this configuration step as part of the StorNext LAN client installation. See the Quantum StorNext documentation for more details.
Installing the CTE Agent on Each StorNext LAN client
Install a CTE Agent on each computer that is set up as a StorNext LAN client and for which you want to set policies. For supported operating systems, see the table in Supported StorNext Server and Client Configurations.
Use any installation method supported for your operating system. For details, see Getting Started with CTE for Linux.