- Notes, cautions, and warnings
- Introduction to this guide
- CloudPools overview and setup
- Providers, CloudPool accounts, and storage pools
- File pool policies for CloudPools
- Overview of CloudPools file processing
- Archiving files with file pool policies
- Managing cloud policies
- Create a file pool policy for cloud storage (Web UI)
- Create a file pool policy for cloud storage (CLI)
- Modify cloud attributes in a file pool policy (Web UI)
- Modify cloud attributes in a file pool policy (CLI)
- List file pool policies (CLI)
- View details of a file pool policy (CLI)
- Apply a file pool policy to a specified file or path (CLI)
- Archive files directly to the cloud (CLI)
- Managing cloud jobs
- Retrieving file data from the cloud
- CloudPools with other OneFS functions
- CloudPools tips and troubleshooting
- CloudPools CLI commands
- isi antivirus icap settings modify
- isi cloud access add
- isi cloud access list
- isi cloud access remove
- isi cloud access view
- isi cloud accounts create
- isi cloud accounts delete
- isi cloud accounts list
- isi cloud accounts modify
- isi cloud accounts view
- isi cloud archive
- isi cloud jobs cancel
- isi cloud jobs create
- isi cloud jobs files list
- isi cloud jobs list
- isi cloud jobs pause
- isi cloud jobs resume
- isi cloud jobs view
- isi cloud pools create
- isi cloud pools delete
- isi cloud pools list
- isi cloud pools modify
- isi cloud pools view
- isi cloud proxies create
- isi cloud proxies delete
- isi cloud proxies list
- isi cloud proxies modify
- isi cloud proxies view
- isi cloud recall
- isi cloud restore_coi
- isi cloud settings modify
- isi cloud settings regenerate-encryption-key
- isi cloud settings view
- isi filepool policies create
- isi statistics cloud list
PowerScale OneFS 9.4.0.0 CloudPools Administration Guide
Compression and encryption of cloud data
You can specify compression and encryption of data that is moved to the cloud.
With CloudPools, you can enable compression and encryption on a per-policy basis. Both encryption and compression are disabled by default.
Files encrypted or compressed when stored in the cloud are automatically decrypted and decompressed when data is cached (inline access) or the file is recalled from the cloud to local storage.
CloudPools uses a master encryption key to encrypt the data encryption keys. Encryption applies to both the SmartLink file and the file data archived to the cloud. Both the SmartLink file and the archived data include encrypted copies of the data encryption keys. After a file is encrypted, it can only be decrypted by recalling it.
CloudPools keeps track of the encryption status of SmartLink files in snapshots and referenced data in the cloud. If SmartLink files in snapshots are unencrypted and refer to unencrypted cloud objects, the SmartLink files in the snapshots remain unencrypted even if you create a new CloudPools policy that encrypts the latest version of the file.
OneFS stores the master encryption key in the local key management system. You can generate a new version of the key if you believe the key has been compromised. If regenerated, the new master key secures new data written to the cloud. Previously written data is secured by the old data encryption keys, resident in the local SmartLink files.
Self-encrypting drives
CloudPools works with nodes that are equipped with self-encrypting drives (SEDs). Any SmartLink files left on SEDs are handled like any other file. However, note the following about archived data and whether it remains encrypted:
- The process of archiving a SED file decrypts the data on the SED.
Any read of SED data decrypts the data. Because CloudPools reads the data to archive it, the data is decrypted.
- The data archived to the cloud is not encrypted unless the CloudPools policy includes encrypt=True.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\