User Group
2017
IBM Spectrum Scale 4.2.3
Security Overview
Felipe Knop Sandeep Patil
Security Architect STSM, IBM Master Inventor
Please note
IBM’s statements regarding its plans, directions, and intent
are subject to change or withdrawal without notice at IBM’s
sole discretion.
Information regarding potential future products is intended
to outline our general product direction and it should not be
relied on in making a purchasing decision.
The information mentioned regarding potential future
products is not a commitment, promise, or legal obligation
to deliver
any material, code or functionality. Information about
potential future products may not be incorporated into any
contract.
The development, release, and timing of any future features
or functionality described for our products remains at our
sole discretion.
Performance is based on measurements and projections
using standard IBM benchmarks in a
controlled environment. The actual throughput or
performance that any user will experience will vary
depending upon many factors, including considerations
such as the amount of multiprogramming in
the user’s job stream, the I/O configuration, the storage
configuration, and the workload processed. Therefore, no
assurance can be given that an individual user will achieve
results similar to those stated here.
Acknowledgement – Spectrum Scale Development Team
• Piyush Chaudhary, Michael Daubman, Cheng Ding, Dileep Dixith, Sasikanth
Eda, Scott Fadden, Shuo Feng, Deepak Ghuge, Nils Haustein, Kaustubh I
Katruwar, Ingo Meents, Kumaran Rajaram, John Olson, Aaron Palazzolo,
Christof Schmitt, Gil Sharon, Gaurang Tapase, Carl Zetie, Yong Zheng,
Wyane Sawdon, Wei Gong, Bill Owen, Sasikanth Eda.
The world of data storage has indeed changed…
IT is managing large amounts of data
• Doubling capacities every 6 months to 2 years depending on the industry
IT is dealing with new applications/workloads…many of them didn’t exist 5 years ago
• Think Hadoop, Spark, No-SQL or In-Memory databases
IT is dealing with new types of deployments
• Software Defined/Software Based
• Cloud
• Hyper-converged
IT is dealing with new ways of storing data – it’s not file, it’s not block
• Object Storage is becoming mainstream for storing massive archives
Storage is no longer just a SAN or NAS box
... But need for “Ubiquitous Security of Data” prevails !
• Industries understand that “Data is the new Oil”, hence
• Data Is Precious: Need to Secure it Accordingly
• IT needs Data Repositories and Data serving platforms that:
• Are Secure by Design
• Cater to all aspects of Security
• Enable Compliance
• At Spectrum Scale, we follow secure-by-design principles for all new and existing major features.
Spectrum Scale: Breadth of new features / Catering to newer workloads
[Figure: Powered by IBM Spectrum Scale. A Global Namespace serves client workstations, users and applications, compute farms, traditional and new-gen applications through File (POSIX, NFS, SMB), Block (iSCSI), Object (Swift, S3), Analytics (Transparent HDFS, Spark) and OpenStack (Cinder, Glance, Manila) interfaces, with automated data placement and data migration across Flash, Disk, Tape, Shared Nothing Cluster, JBOD/JBOF (Spectrum Scale RAID) and Transparent Cloud Tier. Also shown: Encryption, Compression, Worldwide Data Distribution (AFM) across Sites A, B and C, AFM-DR to a DR site, and 4000+ customers.]
Consolidate all your unstructured data storage on Spectrum Scale with unlimited and
painless scaling of capacity and performance – ENSURING DATA SECURITY !
Security Requirement Vs Spectrum Scale Security Capabilities
Key Security Requirement | Spectrum Scale Capability
Secure Data at Rest | ✓
Secure Data in Transit | ✓
Authentication | ✓
Authorization | ✓
Secure Administration | ✓
Immutability | ✓
Firewall | ✓
Hadoop Security | ✓
Cloud Tiering Security | ✓
Audit Logging | ✓ Basic Covered (more coming)
Anti Virus | ✓ Basic Covered (Coming)
Spectrum Scale High Level Security Outlook
[Figure: clients reach Protocol Nodes (Object, SMB, NFS) backed by NSD Servers and GPFS Node(s); Hadoop client nodes reach the Hadoop Connector with Kerberos. Labels on the diagram:]
• Secure Data at Rest: Secure Erase, External Key Mgmt., Immutability support, Object Expiration, File/Object ACL
• Secure Data in Transit (network): Kerberos, SSL/TLS, Firewall, IPS Support, Secure inter-cluster communication
• Authentication: Keystone (Postgres, Active Directory), LDAP Directory Services over SSL/TLS
• Administration: sudo based admin access, Log admin commands, GUI with SSL/TLS and RBAC
• Transparent Cloud Tier: Secure Data in Transit
• Rich policy support for data placement as well as data isolation
Spectrum Scale : Secure Data at Rest
[Figure: a Spectrum Scale Filesystem with filesets fs1 and fs2]
Encryption policy rules define:
- which files are to be encrypted,
- with which algorithm,
- using which MEKs.
Example encryption policy rules
RULE 'myEncRule1' ENCRYPTION 'E1' IS
ALGO 'DEFAULTNISTSP800131A'
KEYS('1:RKM_1', '2:RKM_2')
RULE 'Encrypt files with extension doc with rule E1'
SET ENCRYPTION 'E1'
FOR FILESET('fs1')
WHERE NAME LIKE '%.doc'
External Key Manager Server
(IBM SKLM or Vormetric DSM Key Server)
Encryption of Data at Rest
• Files are encrypted before they are stored on disk
• Keys are never written to disk
• No “digital shredding”: secure delete is a cryptographic operation
Secure Deletion
• Ability to destroy files with no data remanence
• No “digital shredding”: secure delete is a cryptographic operation
[Figure legend: *.doc files are encrypted, *.txt files are not encrypted]
NIST & FIPS
• The encryption algorithms that
are used for file encryption are
all compliant with NIST Special
Publication 800-131A.
• Allows cluster to be configured
in FIPS mode
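A dry run of the example encryption policy rules above against a list of file names, as an added example that is not IBM code: it parses only the two rule shapes shown on the slide and reports which files the policy would leave unencrypted. It assumes a file is encrypted when any SET ENCRYPTION rule matches and that LIKE is case-sensitive; the file list is constructed.

```python
import re

# The two rules from the slide, verbatim.
POLICY = """
RULE 'myEncRule1' ENCRYPTION 'E1' IS
    ALGO 'DEFAULTNISTSP800131A'
    KEYS('1:RKM_1', '2:RKM_2')
RULE 'Encrypt files with extension doc with rule E1'
    SET ENCRYPTION 'E1'
    FOR FILESET('fs1')
    WHERE NAME LIKE '%.doc'
"""

# Rule shape 1: defines an encryption specification (algorithm + MEK list).
SPEC_RE = re.compile(
    r"RULE\s+'[^']*'\s+ENCRYPTION\s+'(?P<spec>[^']*)'\s+IS\s+"
    r"ALGO\s+'(?P<algo>[^']*)'\s+KEYS\s*\((?P<keys>[^)]*)\)", re.I)
# Rule shape 2: applies a specification to files, optionally scoped by
# fileset and by a LIKE pattern on the file name.
SET_RE = re.compile(
    r"RULE\s+'(?P<rule>[^']*)'\s+SET\s+ENCRYPTION\s+'(?P<spec>[^']*)'"
    r"(?:\s+FOR\s+FILESET\s*\((?P<filesets>[^)]*)\))?"
    r"(?:\s+WHERE\s+NAME\s+LIKE\s+'(?P<like>[^']*)')?", re.I)
QUOTED = re.compile(r"'([^']*)'")


def like_to_regex(pattern):
    """Translate SQL LIKE wildcards: % = any run of characters, _ = one character."""
    parts = [".*" if c == "%" else "." if c == "_" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts), re.S)  # case-sensitive (assumption)


def parse_policy(text):
    """Return (specs, rules); reject SET ENCRYPTION rules naming an unknown spec."""
    specs = {m["spec"]: {"algo": m["algo"], "keys": QUOTED.findall(m["keys"])}
             for m in SPEC_RE.finditer(text)}
    rules = []
    for m in SET_RE.finditer(text):
        if m["spec"] not in specs:
            raise ValueError("rule %r uses undefined encryption spec %r"
                             % (m["rule"], m["spec"]))
        rules.append({
            "rule": m["rule"],
            "spec": m["spec"],
            # None means the clause is absent, so the rule is not restricted by it.
            "filesets": set(QUOTED.findall(m["filesets"])) if m["filesets"] else None,
            "name": like_to_regex(m["like"]) if m["like"] is not None else None,
        })
    return specs, rules


def encryption_for(fileset, name, rules):
    """Name of the encryption spec that would apply to this file, or None."""
    for r in rules:
        if r["filesets"] is not None and fileset not in r["filesets"]:
            continue
        if r["name"] is not None and not r["name"].fullmatch(name):
            continue
        return r["spec"]
    return None


def unencrypted(files, rules):
    """Files (fileset, name) that no SET ENCRYPTION rule covers."""
    return [(fs, n) for fs, n in files if encryption_for(fs, n, rules) is None]


# Constructed sample file list: same name in another fileset, other
# extensions, and an upper-case variant of the extension.
SAMPLE_FILES = [
    ("fs1", "report.doc"),
    ("fs1", "notes.txt"),
    ("fs2", "report.doc"),
    ("fs1", "REPORT.DOC"),
    ("fs1", "report.docx"),
]

if __name__ == "__main__":
    specs, rules = parse_policy(POLICY)
    print("specs:", specs)
    for fs, n in unencrypted(SAMPLE_FILES, rules):
        print("NOT encrypted by policy:", fs, n)
```

Under these assumptions only fs1/report.doc is covered; a name-based rule leaves the .docx, upper-case and other-fileset files in clear text, which is the gap to look for before relying on such a rule for sensitive data.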
Spectrum Scale : Secure Data at Motion
• Data in transit, also referred to as Data in Motion or Data in Flight, is data that is being accessed over a network (internal or external) and can therefore be intercepted by malicious users on the network.
• Based on your business needs or on the sensitivity of the data that is being accessed over the network, one needs to protect it by encryption over the wire.
Spectrum Scale Cluster Communication
• Security levels for communication between Spectrum Scale nodes:
  • EMPTY (no-auth, no-sign, no-privacy)
  • AUTHONLY (auth)
  • CIPHER (auth+sign+privacy)
• When users are accessing a file system from another cluster, the cluster that owns a file system
can designate a different security level for each connecting cluster.
Spectrum Scale : Secure Data at Motion
Secure access of Spectrum Scale File Interfaces
• SMB (SMB Client to SMB): automatic encryption, mandatory encryption, or disabled encryption
  • Secured dialect negotiation
  • Improved signing
  • Secured transmission
• NFS (NFS Client to NFS): Kerberos V5 (auth), Kerberos V5 (auth+integrity), or Kerberos V5 (auth+integrity+privacy)
  • Enabling squashing
  • Using Kerberos
  • Enabling port security
• Object (S3/SWIFT) (Object Client to Object): SSL/TLS, HAProxy
Spectrum Scale : Secure Data at Motion
Secure access of Spectrum Scale Hadoop Connector
• HDFS Client to Spectrum Scale (Hadoop Transparency Connector = Name Node + Data Node):
  • Kerberos V5 (auth only)
  • Kerberos V5 (auth+integrity)
  • Kerberos V5 (auth+integrity+privacy)
• Kerberos HTTP SPNEGO: webhdfs
• dfs.encrypt.data.transfer = true for data encryption of Block data transfer
• hadoop.rpc.protection=authentication|integrity|privacy for secure data transfer between hadoop services & clients
Secure access of Spectrum Scale Management
• Applications to Spectrum Scale REST API (management): HTTPS
• Admin Browser to Spectrum Scale (Management GUI): HTTPS
Spectrum Scale : Protocol Authentication
Protocol Authentication (NFS/SMB)
• The following directory servers are supported:
• RFC2307 schema-compliant Lightweight Directory Access Protocol (LDAP)
server
• Microsoft Active Directory (AD) server
• Network Information Service (NIS) server
• Kerberos authentication is supported by the AD and LDAP authentication
schemes
• Securing NFS exports by using netgroup definitions that are stored on
authentication servers is supported by LDAP and NIS-based authentication
schemes.
Object Authentication
• IBM Spectrum Scale supports configuring Keystone with the following identity
back ends:
• Microsoft AD server
• LDAP server
• Postgres database (local)
• The Keystone service can be configured with https
• One can configure the communication between the Keystone service and identity
back end (Microsoft AD/LDAP) to be over TLS.
Spectrum Scale : Authorization
• Spectrum Scale Client
• Supports POSIX ACL
• Supports NFS V4 ACL
• Authorizing NFS and SMB users
• NFSv4 ACLs
• ACL inheritance
• SMB ACLs
• Mapping between NFSv4 and SMB ACLs
• Authorizing Object (OpenStack Swift and S3) users
• Supports OpenStack Swift and S3 protocols for object data access.
• Uses the Keystone service for identity management, and access by the object users to the
object storage projects is controlled by these items:
• User roles - Based on the roles that are defined for the user, object users can be administrative users or non-
administrative users.
• Container ACLs
• S3 ACLs are supported via the Swift3 Middleware for OpenStack Swift, which allows access to IBM Spectrum Scale by using the Amazon Simple Storage Service (S3) API.
Spectrum Scale : Secure Administration
• Administration of Spectrum Scale requires Remote Shell and Remote Copy
• SSH and scp are the default and recommended
• Limited Admin Nodes
• The adminMode configuration attribute specifies whether all nodes in the cluster can be used for issuing
IBM Spectrum Scale administration commands or just a subset of the nodes
• allToAll - indicates that all nodes in the cluster can be used for running IBM Spectrum Scale
administration commands.
• central - indicates that only a subset of the nodes can be used for running IBM Spectrum Scale
commands
• The major advantage of the central mode of administration is that the number of nodes that must
have root level access to the rest of the nodes is limited, and can be as low as one
Spectrum Scale : Secure Administration
• Running IBM Spectrum Scale without remote root login
• In several environments, corporate IT policies require that the ssh PermitRootLogin
parameter is disabled to prevent remote login as root
• By using sudo and the IBM Spectrum Scale sudo wrappers, IBM Spectrum Scale
administration can be performed securely by using a non-root ID.
• The IBM Spectrum Scale sudo wrappers enable:
• IBM Spectrum Scale administrative operations to be securely performed by a non-root user. ssh wrappers start remote commands with a non-root user ID, and sudo is then used on the remote node to run the necessary commands
Spectrum Scale : Secure Administration
• Secure administration by using the GUI
• Role-based access control for administration by using the GUI
• The IBM Spectrum Scale GUI supports different administrative roles. These predefined
roles are associated with user groups that define the working scope within the GUI.
• This feature enables division of responsibilities among multiple administrators based on
roles.
• The GUI allows users to be local users or even ones from central directory services such as
Microsoft Active Directory (AD) or LDAP.
• Support for sudo wrappers
• IBM Spectrum Scale supports secure access to the GUI by using https with the support for self-
signed or trusted certificate authority (CA)
• REST APIs provide secure administration
• by mandating authenticated requests,
• supporting role-based access control (RBAC),
• ensuring secure administration over the wire by leveraging SSL/TLS,
• supporting IBM Spectrum Scale sudo wrappers for deployments for secure administration
with non-root remote credentials.
Spectrum Scale : Immutability
• Tamper-proof data is ensured by the immutability feature
• Spectrum Scale can be used for archiving use cases where regulatory
requirements demand that the implementation prevent modification and deletion of files.
• IBM Spectrum Scale immutability is based on immutable filesets
• Immutable filesets can be exported by using the Network File System (NFS) protocol and Server Message
Block (SMB) protocol.
• In an immutable fileset, files can be immutable or append-only for a configurable retention time by using
standard file system commands.
• IBM Spectrum Scale supports one of the following immutability (“IAM”) modes for an immutable fileset:
• None: No immutability mode is set (default). The fileset is a regular fileset.
• Advisory: Allows setting retention times and immutability, but files can be deleted with the proper file permission.
• Noncompliant: Advisory mode plus files cannot be deleted if retention time has not yet expired. However, retention
times can be reset, and files can be deleted but not changed.
• Compliant: Noncompliant mode plus retention time cannot be reset. When retention time expires, files can be deleted
but not changed.
• The immutability function in IBM Spectrum Scale Version 4.2 was assessed for compliance with the US SEC17a-4f, German, and Swiss laws and regulations by a recognized auditor.
Spectrum Scale : Hadoop Security
Spectrum Scale Benefits for Hadoop
• In a Hadoop deployment, Spectrum Scale replaces HDFS with the following benefits:
• In-place Analytics – No data movement
• Enterprise grade data security
• Ability to scale compute and storage
separately
• Unified file and object access to data
• Enterprise data management with ILM
capabilities
• Enterprise Backup capabilities
• Scalability
• Federation
Spectrum Scale Security for Hadoop Deployment
• Spectrum Scale provides the following security in a Hadoop deployment
• Secure Data at Rest via Filesystem encryption (FIPS compliant)
• Enterprise Key lifecycle management
• Secure data in transit with Spectrum Scale Hadoop Transparency connector (Data nodes + Name Nodes)
• Secure data in transit across all other access interfaces (NFS/SMB/Object)
• Secure Delete of Data
• Immutability of classified data for compliance
• Secure Backup of Data
Hadoop Ecosystem Security via Hadoop Distro
Hadoop Distro provides the following security for Hadoop based deployments:
• Authentication : Kerberos
• Authorization: POSIX based for Data, Service-level authorization support
• Centralized administration of Security Policies: Sentry & Ranger provide a central location for managing all security-related tasks (role-based or attribute-based access control, fine-grained authorization, authentication, auditing, and data protection)
• Secure REST Access: Apache Knox Gateway provides a single access point for
all REST interactions with the Hadoop cluster. It integrates with popular
enterprise identity management services, and provides a single point of control,
management, monitoring, and auditing of REST access to the Hadoop cluster.
Spectrum Scale : Cloud Tiering Security
• Data is encrypted (AES 256) before it is pushed to Cloud Object Storage (on-premises or off-
premises)
• Supports two types of Encryption Key Management Providers to store the encryption key
• IBM Security Key Lifecycle Manager and Java Key Store
• TLS protocol is used when communicating with the cloud.
Spectrum Scale : Audit Logging
• Auditing file system activities is an important security aspect in a number of
deployments
• File Access Audit logging with Varonis DatAdvantage
• IBM Spectrum Scale is integrated with Varonis DatAdvantage to log file activity within IBM
Spectrum Scale protocol shares.
• Major file operations (file creation, deletion, and directory creation and deletion) can be
detected in Ganesha, unified file and object, and SMB shares.
• Varonis agent software is installed on protocol nodes that interface with one or more
Probes, running on nodes that are external to the IBM Spectrum Scale cluster. The
DatAdvantage software and console run on an external Windows server.
Audit logging for cluster configuration changes
• To help with problem determination and in auditing changes to the cluster configuration, audit
messages can be sent to syslog or to the GPFS log whenever an IBM Spectrum Scale command
changes the configuration of the cluster.
IBM Spectrum Scale : Security Redpaper & Blogs
• Redpaper – Released Jan 2017
http://www.redbooks.ibm.com/abstracts/redp5426.html?Open
• Security Blogs by Developers:
https://developer.ibm.com/storage
• Enhanced Knowledge Center with all details.
• Assessment report Spectrum Scale 4.2 immutability:
http://www.kpmg.de/bescheinigungen/RequestReport.aspx?41742
• Spectrum Scale Immutability whitepaper:
http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP102620
User Group
2017
Thank You !
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Sandeep Patil
 
Genomics Deployments - How to Get Right with Software Defined Storage
 Genomics Deployments -  How to Get Right with Software Defined Storage Genomics Deployments -  How to Get Right with Software Defined Storage
Genomics Deployments - How to Get Right with Software Defined Storage
Sandeep Patil
 
Spectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf Weiser
Sandeep Patil
 
Analytics with unified file and object
Analytics with unified file and object Analytics with unified file and object
Analytics with unified file and object
Sandeep Patil
 
IBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking FlowIBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking Flow
Sandeep Patil
 
In Place Analytics For File and Object Data
In Place Analytics For File and Object DataIn Place Analytics For File and Object Data
In Place Analytics For File and Object Data
Sandeep Patil
 
IBM Spectrum Scale and Its Use for Content Management
 IBM Spectrum Scale and Its Use for Content Management IBM Spectrum Scale and Its Use for Content Management
IBM Spectrum Scale and Its Use for Content Management
Sandeep Patil
 
Introduction to IBM Spectrum Scale and Its Use in Life Science
Introduction to IBM Spectrum Scale and Its Use in Life ScienceIntroduction to IBM Spectrum Scale and Its Use in Life Science
Introduction to IBM Spectrum Scale and Its Use in Life Science
Sandeep Patil
 
Hadoop and Spark Analytics over Better Storage
Hadoop and Spark Analytics over Better StorageHadoop and Spark Analytics over Better Storage
Hadoop and Spark Analytics over Better Storage
Sandeep Patil
 
Spectrum scale-external-unified-file object
Spectrum scale-external-unified-file objectSpectrum scale-external-unified-file object
Spectrum scale-external-unified-file object
Sandeep Patil
 
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili...
Sandeep Patil
 
Genomics Deployments - How to Get Right with Software Defined Storage
 Genomics Deployments -  How to Get Right with Software Defined Storage Genomics Deployments -  How to Get Right with Software Defined Storage
Genomics Deployments - How to Get Right with Software Defined Storage
Sandeep Patil
 
Spectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf Weiser
Sandeep Patil
 
Analytics with unified file and object
Analytics with unified file and object Analytics with unified file and object
Analytics with unified file and object
Sandeep Patil
 
IBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking FlowIBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking Flow
Sandeep Patil
 
In Place Analytics For File and Object Data
In Place Analytics For File and Object DataIn Place Analytics For File and Object Data
In Place Analytics For File and Object Data
Sandeep Patil
 
IBM Spectrum Scale and Its Use for Content Management
 IBM Spectrum Scale and Its Use for Content Management IBM Spectrum Scale and Its Use for Content Management
IBM Spectrum Scale and Its Use for Content Management
Sandeep Patil
 
Introduction to IBM Spectrum Scale and Its Use in Life Science
Introduction to IBM Spectrum Scale and Its Use in Life ScienceIntroduction to IBM Spectrum Scale and Its Use in Life Science
Introduction to IBM Spectrum Scale and Its Use in Life Science
Sandeep Patil
 
Hadoop and Spark Analytics over Better Storage
Hadoop and Spark Analytics over Better StorageHadoop and Spark Analytics over Better Storage
Hadoop and Spark Analytics over Better Storage
Sandeep Patil
 
Spectrum scale-external-unified-file object
Spectrum scale-external-unified-file objectSpectrum scale-external-unified-file object
Spectrum scale-external-unified-file object
Sandeep Patil
 
Ad

Recently uploaded (20)

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdfComplete Guide to Advanced Logistics Management Software in Riyadh.pdf
Complete Guide to Advanced Logistics Management Software in Riyadh.pdf
Software Company
 
HCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser EnvironmentsHCL Nomad Web – Best Practices and Managing Multiuser Environments
HCL Nomad Web – Best Practices and Managing Multiuser Environments
panagenda
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 

IBM Spectrum Scale Security

  • 1. User Group 2017 IBM Spectrum Scale 4.2.3 Security Overview Felipe Knop Sandeep Patil Security Architect STSM, IBM Master Inventor
  • 2. Please note IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  • 3. Acknowledgement – Spectrum Scale Development Team • Piyush Chaudhary, Michael Daubman, Cheng Ding, Dileep Dixith, Sasikanth Eda, Scott Fadden, Shuo Feng, Deepak Ghuge, Nils Haustein, Kaustubh I Katruwar, Ingo Meents, Kumaran Rajaram, John Olson, Aaron Palazzolo, Christof Schmitt, Gil Sharon, Gaurang Tapase, Carl Zetie, Yong Zheng, Wyane Sawdon, Wei Gong, Bill Owen, Sasikanth Eda.
  • 4. The world of data storage has indeed changed…
      • IT is managing large amounts of data
        • Doubling capacities every 6 months to 2 years depending on the industry
      • IT is dealing with new applications/workloads…many of them didn’t exist 5 years ago
        • Think Hadoop, Spark, No-SQL or In-Memory databases
      • IT is dealing with new types of deployments
        • Software Defined/Software Based
        • Cloud
        • Hyper-converged
      • IT is dealing with new ways of storing data – it’s not file, it’s not block
        • Object Storage is becoming mainstream for storing massive archives
      • Storage is no longer just a SAN or NAS box
  • 5. ... But the need for “Ubiquitous Security of Data” prevails!
      • Industries understand that “Data is the new Oil”, hence
        • Data is precious: need to secure it accordingly
      • IT needs data repositories and data serving platforms that:
        • Are secure by design
        • Cater to all aspects of security
        • Enable compliance
      • At Spectrum Scale we follow secure-by-design principles for all new and existing major features.
  • 6. Spectrum Scale: Breadth of new features / Catering to newer workloads
      [Diagram: users and applications (client workstations, compute farm, traditional applications, new-gen applications) access a global namespace powered by IBM Spectrum Scale through Block (iSCSI), File (SMB, NFS, POSIX), Analytics (Transparent HDFS, Spark), OpenStack (Cinder, Glance, Manila), Object (Swift, S3) and Transparent Cloud interfaces. Automated data placement and data migration span Flash, Disk, Tape, Shared Nothing Cluster, JBOD/JBOF with Spectrum Scale RAID, and Transparent Cloud Tier. Also shown: Encryption, Compression, Worldwide Data Distribution (AFM) across Site A, Site B and Site C, and a DR Site with AFM-DR. 4000+ customers.]
      Consolidate all your unstructured data storage on Spectrum Scale with unlimited and painless scaling of capacity and performance – ENSURING DATA SECURITY!
  • 7. Security Requirement vs Spectrum Scale Security Capabilities
      Key security requirement    Spectrum Scale capability
      Secure Data at Rest         ✓
      Secure Data in Transit      ✓
      Authentication              ✓
      Authorization               ✓
      Secure Administration       ✓
      Immutability                ✓
      Firewall                    ✓
      Hadoop Security             ✓
      Cloud Tiering Security      ✓
      Audit Logging               ✓ Basic covered (more coming)
      Anti Virus                  ✓ Basic covered (coming)
  • 8. Spectrum Scale High Level Security Outlook
      [Diagram labels: Clients; Network; Protocol Nodes (Object, SMB, NFS); NSD Servers; Keystone; Postgres; Active Directory; LDAP; Directory Services; GPFS Node(s); Hadoop Connector; Hadoop client nodes; GUI; Transparent Cloud Tier]
      Security capabilities called out on the diagram:
      • Secure Data at Rest; Secure Erase; External Key Mgmt.
      • Secure Data in Transit; Kerberos; SSL/TLS
      • Firewall; IPS Support
      • sudo based admin access; Log admin commands; RBAC
      • File/Object ACL; Object Expiration; Immutability support
      • Secure inter-cluster communication
      • Rich policy support for data placement as well as data isolation
  • 9. Spectrum Scale : Secure Data at Rest
      [Diagram: a Spectrum Scale file system with filesets fs1 and fs2, accessed through Block (iSCSI), File (SMB, NFS, POSIX), Analytics (Transparent HDFS, Spark), OpenStack (Cinder, Glance, Manila), Object (Swift, S3) and Transparent Cloud; *.doc files are shown encrypted and *.txt files not encrypted; an External Key Manager Server (IBM SKLM or Vormetric DSM Key Server) is attached.]
      Encryption policy rules define:
      • which files are to be encrypted,
      • with which algorithm,
      • using which MEKs (master encryption keys).
      Example encryption policy rules:
          RULE 'myEncRule1' ENCRYPTION 'E1' IS
              ALGO 'DEFAULTNISTSP800131A'
              KEYS('1:RKM_1', '2:RKM_2')
          RULE 'Encrypt files with extension doc with rule E1'
              SET ENCRYPTION 'E1' FOR FILESET('fs1')
              WHERE NAME LIKE '%.doc'
      Encryption of Data at Rest
      • Files are encrypted before they are stored on disk
      • Keys are never written to disk
      • No “digital shredding”: secure delete is a cryptographic operation
      Secure Deletion
      • Ability to destroy files with no data remanence
      • No “digital shredding”: secure delete is a cryptographic operation
      NIST & FIPS
      • The encryption algorithms that are used for file encryption are all compliant with NIST Special Publication 800-131A.
      • Allows the cluster to be configured in FIPS mode
  • 10. Spectrum Scale : Secure Data in Motion
      • Data in transit, also referred to as Data in Motion or Data in Flight, is data that is being accessed over a network (internal or external) and can therefore be intercepted by malicious users on the network.
      • Depending on your business needs or on the sensitivity of the data that is being accessed over the network, protect it by encrypting it over the wire.
      Spectrum Scale Cluster Communication
      • Security levels between Spectrum Scale nodes:
        • EMPTY (no-auth, no-sign, no-privacy)
        • AUTHONLY (auth)
        • CIPHER (auth+sign+privacy)
      • When users are accessing a file system from another cluster, the cluster that owns a file system can designate a different security level for each connecting cluster.
  • 11. Spectrum Scale : Secure Data in Motion
      Secure access of Spectrum Scale File Interfaces
      • SMB (SMB client)
        • Automatic encryption, mandatory encryption or disabled encryption
        • Secured dialect negotiation
        • Improved signing
        • Secured transmission
      • NFS (NFS client)
        • Kerberos V5 (auth), Kerberos V5 (auth+integrity) or Kerberos V5 (auth+integrity+privacy)
        • Enabling squashing
        • Using Kerberos
        • Enabling port security
      • Object (S3/SWIFT) (object client)
        • SSL/TLS
        • HAProxy
  • 12. Spectrum Scale : Secure Data in Motion
      Secure access of Spectrum Scale Hadoop Connector
      • Spectrum Scale Hadoop Transparency Connector = Name Node + Data Node
      • HDFS client: Kerberos V5 (auth only), Kerberos V5 (auth+integrity) or Kerberos V5 (auth+integrity+privacy)
      • Kerberos HTTP SPNEGO (webhdfs)
      • dfs.encrypt.data.transfer = true for data encryption of block data transfer
      • hadoop.rpc.protection=authentication|integrity|privacy for secure data transfer between Hadoop services and clients
      Secure access of Spectrum Scale Management
      • Applications to the Spectrum Scale REST API (management): HTTPS
      • Admin browser to the Spectrum Scale Management GUI: HTTPS
  • 13. Spectrum Scale : Protocol Authentication
      Protocol Authentication (NFS/SMB)
      • The following directory servers are supported:
        • RFC2307 schema-compliant Lightweight Directory Access Protocol (LDAP) server
        • Microsoft Active Directory (AD) server
        • Network Information Service (NIS) server
      • Kerberos authentication is supported by the AD and LDAP authentication schemes
      • Securing NFS exports by using netgroup definitions that are stored on authentication servers is supported by LDAP and NIS-based authentication schemes.
      Object Authentication
      • IBM Spectrum Scale supports configuring Keystone with the following identity back ends:
        • Microsoft AD server
        • LDAP server
        • Postgres database (local)
      • The Keystone service can be configured with https
      • One can configure the communication between the Keystone service and identity back end (Microsoft AD/LDAP) to be over TLS.
  • 14. Spectrum Scale : Authorization
      • Spectrum Scale Client
        • Supports POSIX ACL
        • Supports NFS V4 ACL
      • Authorizing NFS and SMB users
        • NFSv4 ACLs
        • ACL inheritance
        • SMB ACLs
        • Mapping between NFSv4 and SMB ACLs
      • Authorizing Object (OpenStack Swift and S3) users
        • Supports OpenStack Swift and S3 protocols for object data access.
        • Uses the Keystone service for identity management, and access by the object users to the object storage projects is controlled by these items:
          • User roles - Based on the roles that are defined for the user, object users can be administrative users or non-administrative users.
          • Container ACLs
        • S3 ACLs are supported via the Swift3 Middleware for OpenStack Swift, which allows access to IBM Spectrum Scale by using the Amazon Simple Storage Service (S3) API.
  • 15. Spectrum Scale : Secure Administration
      • Administration of Spectrum Scale requires Remote Shell and Remote Copy
        • SSH and scp are default and recommended
      • Limited Admin Nodes
        • The adminMode configuration attribute specifies whether all nodes in the cluster can be used for issuing IBM Spectrum Scale administration commands or just a subset of the nodes
          • allToAll - indicates that all nodes in the cluster can be used for running IBM Spectrum Scale administration commands.
          • central - indicates that only a subset of the nodes can be used for running IBM Spectrum Scale commands
        • The major advantage of the central mode of administration is that the number of nodes that must have root level access to the rest of the nodes is limited, and can be as low as one
  • 16. Spectrum Scale : Secure Administration
      • Running IBM Spectrum Scale without remote root login
        • In several environments, corporate IT policies require that the ssh PermitRootLogin parameter is disabled to prevent remote login as root
        • By using sudo and the IBM Spectrum Scale sudo wrappers, IBM Spectrum Scale administration can be performed securely by using a non-root ID.
        • The IBM Spectrum Scale sudo wrappers enable administrative operations to be securely performed by a non-root user: ssh wrappers start remote commands with a non-root user ID, and sudo is then used on the remote node to run the necessary commands
  • 17. Spectrum Scale : Secure Administration
      • Secure administration by using the GUI
        • Role-based access control for administration by using the GUI
          • The IBM Spectrum Scale GUI supports different administrative roles. These predefined roles are associated with user groups that define the working scope within the GUI.
          • This feature enables division of responsibilities among multiple administrators based on roles.
        • The GUI allows users to be local users or even ones from central directory services such as Microsoft Active Directory (AD) or LDAP.
        • Support for sudo wrappers
        • IBM Spectrum Scale supports secure access to the GUI by using https with support for self-signed or trusted certificate authority (CA) certificates
      • REST APIs provide secure administration
        • by mandating authenticated requests,
        • supporting role-based access control (RBAC),
        • ensuring secure administration over the wire by leveraging SSL/TLS,
        • supporting IBM Spectrum Scale sudo wrappers for deployments for secure administration with non-root remote credentials.
  • 18. Spectrum Scale : Immutability
      • Tamper-proof data is ensured by the immutability feature
        • Spectrum Scale can be used for archiving use cases where regulatory requirements demand that the implementation prevent modification and deletion of files.
      • IBM Spectrum Scale immutability is based on immutable filesets
        • Immutable filesets can be exported by using the Network File System (NFS) protocol and Server Message Block (SMB) protocol.
        • In an immutable fileset, files can be immutable or append-only for a configurable retention time by using standard file system commands.
      • IBM Spectrum Scale supports one of the following immutability (“IAM”) modes for an immutable fileset:
        • None: No immutability mode is set (default). The fileset is a regular fileset.
        • Advisory: Allows setting retention times and immutability, but files can be deleted with the proper file permission.
        • Noncompliant: Advisory mode plus files cannot be deleted if retention time has not yet expired. However, retention times can be reset, and files can be deleted but not changed.
        • Compliant: Noncompliant mode plus retention time cannot be reset. When retention time expires, files can be deleted but not changed.
      • The immutability function in IBM Spectrum Scale Version 4.2 was assessed for compliance in accordance with the US SEC17a-4f, German, and Swiss laws and regulations by a recognized auditor.
  • 19. Spectrum Scale : Hadoop Security
      Spectrum Scale Benefits for Hadoop
      • In a Hadoop deployment, Spectrum Scale replaces HDFS with the following benefits:
        • In-place Analytics – No data movement
        • Enterprise grade data security
        • Ability to scale compute and storage separately
        • Unified file and object access to data
        • Enterprise data management with ILM capabilities
        • Enterprise Backup capabilities
        • Scalability
        • Federation
      Spectrum Scale Security for Hadoop Deployment
      • Spectrum Scale provides the following security in a Hadoop deployment:
        • Secure Data at Rest via Filesystem encryption (FIPS compliant)
        • Enterprise Key lifecycle management
        • Secure data in transit with Spectrum Scale Hadoop Transparency connector (Data nodes + Name Nodes)
        • Secure data in transit across all other access interfaces (NFS/SMB/Object)
        • Secure Delete of Data
        • Immutability of classified data for compliance
        • Secure Backup of Data
      Hadoop Ecosystem Security via Hadoop Distro
      • The Hadoop Distro provides the following security for Hadoop based deployments:
        • Authentication: Kerberos
        • Authorization: POSIX based for Data, Service-level authorization support
        • Centralized administration of Security Policies: Sentry & Ranger provide a central location for managing all security-related tasks (role-based or attribute-based access control, fine-grained authorization, authentication, auditing, and data protection)
        • Secure REST Access: Apache Knox Gateway provides a single access point for all REST interactions with the Hadoop cluster. It integrates with popular enterprise identity management services, and provides a single point of control, management, monitoring, and auditing of REST access to the Hadoop cluster.
  • 20. Spectrum Scale : Cloud Tiering Security
      • Data is encrypted (AES 256) before it is pushed to Cloud Object Storage (on-premises or off-premises)
      • Supports two types of Encryption Key Management Providers to store the encryption key
        • IBM Security Key Lifecycle Manager and Java Key Store
      • TLS protocol is used when communicating with the cloud.
  • 21. Spectrum Scale : Audit Logging
      • Auditing file system activities is an important security aspect in a number of deployments
      File Access Audit logging with Varonis DatAdvantage
      • IBM Spectrum Scale is integrated with Varonis DatAdvantage to log file activity within IBM Spectrum Scale protocol shares.
      • Major file operations (file creation, deletion, and directory creation and deletion) can be detected in Ganesha, unified file and object, and SMB shares.
      • Varonis agent software is installed on protocol nodes that interface with one or more Probes, running on nodes that are external to the IBM Spectrum Scale cluster. The DatAdvantage software and console run on an external Windows server.
      Audit logging for cluster configuration changes
      • To help with problem determination and in auditing changes to the cluster configuration, audit messages can be sent to syslog or to the GPFS log whenever an IBM Spectrum Scale command changes the configuration of the cluster.
  • 22. IBM Spectrum Scale : Security Redpaper & Blogs
      • Redpaper – Released Jan 2017: http://www.redbooks.ibm.com/abstracts/redp5426.html?Open
      • Security Blogs by Developers: https://developer.ibm.com/storage
      • Enhanced Knowledge Center with all details.
      • Assessment report Spectrum Scale 4.2 immutability: http://www.kpmg.de/bescheinigungen/RequestReport.aspx?41742
      • Spectrum Scale Immutability whitepaper: http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/WP102620
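
Slide 12 names two Hadoop settings, `hadoop.rpc.protection` and `dfs.encrypt.data.transfer`, that decide whether RPC and block traffic are encrypted. The following is an added example, not code from the deck or from IBM: it audits a pair of Hadoop configuration files for those settings. The XML samples are constructed, and `hadoop.security.authentication` and the defaults used for absent properties are standard Hadoop values that the slide does not list.

```python
import xml.etree.ElementTree as ET

# Hadoop's documented defaults, applied when a property is absent (not from the slide).
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "hadoop.rpc.protection": "authentication",
    "dfs.encrypt.data.transfer": "false",
}
RPC_LEVELS = ("authentication", "integrity", "privacy")

# Constructed sample configuration files, embedded so the example runs offline.
WEAK_CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication,privacy</value></property>
</configuration>"""
WEAK_HDFS_SITE = """<configuration>
  <property><name>dfs.replication</name><value>1</value></property>
</configuration>"""
HARDENED_CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.rpc.protection</name><value>privacy</value><final>true</final></property>
</configuration>"""
HARDENED_HDFS_SITE = """<configuration>
  <property><name>dfs.encrypt.data.transfer</name><value>true</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
</configuration>"""


def load_properties(*xml_documents):
    """Merge <property> entries the way Hadoop layers its resources: a later
    document overrides an earlier one unless the earlier value is <final>.
    Intended for trusted local config files, not untrusted XML."""
    props, final = {}, set()
    for doc in xml_documents:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if not name or name in final:
                continue
            props[name] = (prop.findtext("value") or "").strip()
            if (prop.findtext("final") or "").strip().lower() == "true":
                final.add(name)
    return props


def audit(props):
    """Return (property, effective value, finding) for each setting that
    leaves traffic weaker than authenticated and encrypted."""
    eff = {n: props.get(n, d).strip().lower() for n, d in DEFAULTS.items()}
    findings = []

    auth = eff["hadoop.security.authentication"]
    if auth != "kerberos":
        findings.append(("hadoop.security.authentication", auth,
                         "Kerberos is off, so RPC protection levels are not enforced"))

    # The value is a comma-separated list and any listed level may be
    # negotiated, so only 'privacy' on its own guarantees encrypted RPC.
    rpc = eff["hadoop.rpc.protection"]
    levels = [v.strip() for v in rpc.split(",") if v.strip()]
    unknown = [v for v in levels if v not in RPC_LEVELS]
    if unknown:
        findings.append(("hadoop.rpc.protection", rpc,
                         "unrecognised level(s): " + ", ".join(unknown)))
    elif levels != ["privacy"]:
        findings.append(("hadoop.rpc.protection", rpc,
                         "RPC can be negotiated without encryption"))

    block = eff["dfs.encrypt.data.transfer"]
    if block != "true":
        findings.append(("dfs.encrypt.data.transfer", block,
                         "block data transfer is not encrypted"))
    return findings


if __name__ == "__main__":
    samples = {"weak": (WEAK_CORE_SITE, WEAK_HDFS_SITE),
               "hardened": (HARDENED_CORE_SITE, HARDENED_HDFS_SITE)}
    for label, docs in samples.items():
        results = audit(load_properties(*docs))
        print(label, "->", "OK" if not results else "")
        for name, value, finding in results:
            print(f"  {name} = {value!r}: {finding}")
```

In the hardened sample, `hdfs-site.xml` tries to lower `hadoop.rpc.protection`, and the `<final>` marker in `core-site.xml` is what keeps the effective value at `privacy`.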