SyncIQ pre-shared key
A SyncIQ pre-shared key (PSK) is configured only on the target cluster. It blocks policies from source clusters that do not have the PSK configured in the SyncIQ policy.
Note: A SyncIQ PSK is only recommended for environments where SyncIQ encryption may not be configured. These environments include clusters running a OneFS version earlier than OneFS 8.2 or other environmental factors. For more information about configuring SyncIQ encryption, see SyncIQ encryption.
SmartLock Compliance mode clusters do not support SyncIQ PSK. For clusters in SmartLock Compliance mode, upgrading to OneFS 8.2 or later and configuring SyncIQ encryption is recommended. SmartLock Enterprise mode clusters support SyncIQ PSK.
To configure a SyncIQ PSK on a source and target cluster with OneFS release 9.5.0.0 or later, perform the following steps:
Configuring the PSK will cause all jobs replicating to the target cluster to fail. Before proceeding with the SyncIQ PSK configuration, either wait for SyncIQ jobs to complete or cancel running jobs. To manually cancel a SyncIQ job, run the following command:
isi sync jobs cancel <policy-name>
Alternatively, to cancel all SyncIQ jobs, run:
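isi sync jobs cancel --all
On the target cluster, set the PSK:
isi sync settings modify --set-password
On the source cluster, add the target cluster PSK to each policy:
isi sync policies modify [Policy Name] --set-password --password=[Target Cluster PSK]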
To configure a SyncIQ PSK on a source and target cluster with a OneFS release earlier than 9.5.0.0, perform the following steps:
Configuring the PSK will cause all jobs replicating to the target cluster to fail. Before proceeding with the SyncIQ PSK configuration, either wait for SyncIQ jobs to complete or cancel running jobs.
To manually cancel a SyncIQ job, run the following command:
isi sync jobs cancel <policy-name>
Alternatively, to cancel all SyncIQ jobs, run:
isi sync jobs cancel --all
On the target cluster, create the passwd file and restrict its permissions:
touch /ifs/.ifsvar/modules/tsm/passwd
chmod 700 /ifs/.ifsvar/modules/tsm/passwd
The PSK must be the only line in the file and cannot contain any spaces or tab characters. Enter the PSK using vi or another editor. As a best practice, use a PSK that is unique to this system.
vi /ifs/.ifsvar/modules/tsm/passwd
Verify the contents of the file:
cat /ifs/.ifsvar/modules/tsm/passwd
On the source cluster, add the PSK to each policy using the command for its OneFS release.
For OneFS 8.0 and later, run the following command:
isi sync policies modify [Policy Name] --set-password --password=[Target Cluster PSK specified in 'passwd' file]
For OneFS 7.1.x or 7.2.x, run the following command:
isi sync policies modify [Policy Name] --password [Target Cluster PSK specified in 'passwd' file]
For OneFS 7.0.x and earlier, run the following command:
isi sync policy modify [Policy Name] --passwd=[Target Cluster PSK specified in 'passwd' file]
After the policies on the source cluster are updated, the source cluster does not require any additional configuration. To confirm that the PSK is configured on a source cluster policy, view the policy using isi sync policies view and check the Password Set field, which should list Yes.
To resume a stopped SyncIQ job, use the following command:
isi sync jobs start [policy-name]
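The passwd file rules given above for releases earlier than OneFS 9.5 (mode 700, the PSK as the only line, no spaces or tabs) can be checked before jobs are restarted. The following script is an added example, not part of the Dell documentation; the function name check_psk_file, the script name, and the sample PSK values are made up for illustration, and it assumes a POSIX shell with stat, grep, head and mktemp.

```sh
#!/bin/sh
# Added example: check a SyncIQ PSK file against the rules stated on this page.
# Usage: sh check_psk.sh /ifs/.ifsvar/modules/tsm/passwd   (script name is hypothetical)
# Prints each problem found, never the PSK itself. Returns 0 only if all checks pass.
check_psk_file() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "FAIL: $f does not exist"; return 1; }

    # Mode must match the chmod 700 step (GNU stat first, BSD stat as fallback).
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    [ "$mode" = "700" ] || { echo "FAIL: mode is $mode, expected 700"; rc=1; }

    # The PSK must be the only line: exactly one line, and not an empty one.
    lines=$(grep -c '' "$f" || true)
    [ "$lines" -eq 1 ] || { echo "FAIL: expected 1 line, found $lines"; rc=1; }
    [ -n "$(head -n 1 "$f")" ] || { echo "FAIL: first line is empty"; rc=1; }

    # No space or tab characters are allowed anywhere in the file.
    if grep -q '[[:blank:]]' "$f"; then
        echo "FAIL: file contains a space or tab character"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $f meets the PSK file requirements"
    return "$rc"
}

# Demo on constructed sample files; the PSK values are made up for this example.
demo() {
    d=$(mktemp -d)
    printf 'Xq7pL2vN9sT4\n' > "$d/good"; chmod 700 "$d/good"
    printf 'two words\nextra line\n' > "$d/bad"; chmod 644 "$d/bad"
    good=0; check_psk_file "$d/good" || good=$?
    bad=0; check_psk_file "$d/bad" || bad=$?
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}

if [ "$#" -gt 0 ]; then check_psk_file "$1"; else demo; fi
```

A trailing blank line after the PSK counts as a second line and fails the check, which catches a common editing slip.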
If a target cluster has a PSK in place for SyncIQ and the source cluster policy is not configured with the PSK using the --set-password flag, the policy will fail. The report lists the error Authentication with target failed, as displayed in the following figure.
To unconfigure the SyncIQ PSK on clusters running a release earlier than OneFS 9.5, remove the passwd file on the target cluster. For clusters running OneFS 9.5 and later, the command to set the passwd file to null is as follows:
isi sync settings modify --password "<null>"
Next, modify all policies on the source cluster.
For OneFS 8.0 and later, use the following command:
isi sync policies modify [policy-name] --set-password --password="<null>"
For OneFS 7.1.x or 7.2.x, use the following command:
isi sync policies modify [policy-name] --password ""
For OneFS 7.0.x and earlier, use the following command:
isi sync policy modify [policy-name] --passwd=""