Skip to main content

IBM Spectrum Scale Security

An IBM Redpaper publication


Published on 18 September 2018

  1. .EPUB (0.6 MB)
  2. .PDF (1.9 MB)

Apple BooksGoogle Play Books

Share this page:   

ISBN-10: 0738457167
ISBN-13: 9780738457161
IBM Form #: REDP-5426-01

Authors: Felipe Knop, Sandeep R. Patil, Alifiya Kantawala and Larry Coyne

    menu icon


    Storage systems must provide reliable and convenient data access to all authorized users while simultaneously preventing threats coming from outside or even inside the enterprise.

    Security threats come in many forms, from unauthorized access to data, data tampering, denial of service, and obtaining privileged access to systems.

    According to the Storage Network Industry Association (SNIA), data security in the context of storage systems is responsible for safeguarding the data against theft, prevention of unauthorized disclosure of data, prevention of data tampering, and accidental corruption. This process ensures accountability, authenticity, business continuity, and regulatory compliance.

    Security for storage systems can be classified as follows:

    • Data storage (data at rest, which includes data durability and immutability)
    • Access to data
    • Movement of data (data in flight)
    • Management of data
      • IBM® Spectrum Scale is a software-defined storage system for high performance, large-scale workloads on-premises or in the cloud.

        IBM Spectrum™ Scale addresses all four aspects of security by securing data at rest (protecting data at rest with snapshots, and backups and immutability features) and securing data in flight (providing secure management of data, and secure access to data by using authentication and authorization across multiple supported access protocols). These protocols include POSIX, NFS, SMB, Hadoop, and Object (REST). For automated data management, it is equipped with powerful information lifecycle management (ILM) tools that can help administer unstructured data by providing the correct security for the correct data.

        This IBM Redpaper™ publication details the various aspects of security in IBM Spectrum Scale™, including the following items:

        • Security of data in transit
        • Security of data at rest
        • Authentication
        • Authorization
        • Hadoop security
        • Immutability
        • Secure administration
        • Audit logging
        • Security for transparent cloud tiering (TCT)
        • Security for OpenStack drivers
          • Unless stated otherwise, the functions that are mentioned in this paper are available in IBM Spectrum Scale V4.2.1 or later releases.

    Table of Contents

    Chapter 1. Secure data in transit

    Chapter 2. Secure data at rest

    Chapter 3. Authentication

    Chapter 4. Authorizing protocol users

    Chapter 5. Secure administration

    Chapter 6. Immutability

    Chapter 7. Audit logging

    Chapter 8. Hadoop security

    Chapter 9. Security for transparent cloud tiering

    Chapter 10. Security for OpenStack drivers

    Chapter 11. Firewall recommendations

    Appendix A. Examples of how to open firewall ports


    Others who read this also read