IBM Spectrum Scale Security

A draft IBM Redpaper publication


Storage systems must provide reliable and convenient data access to all authorized users, while simultaneously preventing threats coming from outside or even inside the enterprise.

Security threats come in many forms, from unauthorized access to data, data tampering, denial of service, and obtaining privileged access to systems.

According to the Storage Network Industry Association (SNIA), data security in the context of storage systems is responsible for safeguarding the data against theft, prevention of unauthorized disclosure of data, prevention of data tampering and accidental corruption. This process ensures accountability, authenticity, business continuity, and regulatory compliance.

Security for storage systems can be classified as:

  • Data storage (Data at rest, which includes data durability and immutability)
  • Access to data
  • Movement of data (Data in flight)
  • Management of data
  • IBM® Spectrum Scale is a software-defined storage system for high performance, large-scale workloads on-premises or in the cloud.

      Spectrum Scale addresses all four aspects of security by securing data at rest, protecting data at rest with snapshots, backups and immutability features, securing data in flight, providing secure management of data, and secure access to data by using authentication and authorization across multiple supported access protocols. These protocols include POSIX, NFS, SMB, Hadoop, and Object (REST). For automated data management it is equipped with powerful information lifecycle management (ILM) tools that can help administer unstructured data providing the right security for the right data.

      This paper details the various aspects of security in Spectrum Scale, including

      • Security of data in transit
      • Security of data at rest
      • Authentication
      • Authorization
      • Hadoop security
      • Immutability
      • Secure administration
      • Audit Logging
      • Security for transparent cloud tiering
      • Security for OpenStack drivers
      • Unless stated otherwise, the functions that are mentioned in this paper are available in Spectrum Scale V4.2.1 or later releases.

Table of contents

Chapter 1. Secure data in transit
Chapter 2. Secure data at rest
Chapter 3. Authentication
Chapter 4. Authorizing protocol users
Chapter 5. Secure administration
Chapter 6. Immutability
Chapter 7. Audit logging
Chapter 8. Hadoop security
Chapter 9. Security for Transparent Cloud Tiering
Chapter 10. Security for OpenStack drivers
Chapter 11. Firewall recommendations
Appendix A. Examples of how to open firewall ports


These pages are Web versions of IBM Redbooks- and Redpapers-in-progress. They are published here for those who need the information now and may contain spelling, layout and grammatical errors.

This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. Your feedback is welcomed to improve the usefulness of the material to others.

IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a customer responsibility and depends upon the customer's ability to evaluate and integrate them into the customer's operational environment.


Last Update
23 December 2016

Planned Publish Date
27 January 2017

Rating: Not yet rated




IBM Form Number

Number of pages