Your Browser is Out of Date

Nytro.ai uses technology that works best in other browsers.
For a full experience use one of the browsers below
Dell PowerScale SyncIQ: Architecture, Configuration, and Considerations
Executive summary Introduction Deployment topologies Use cases Architecture and processes Data replication Configuring a SyncIQ policy Impacts of modifying SyncIQ policies SyncIQ performance rules SnapshotIQ and SyncIQ SyncIQ design considerations Failover and failback Superna Eyeglass DR Edition SyncIQ and CloudPools SyncIQ security SyncIQ bandwidth reservations Monitoring, alerting, reporting, and optimizing performance Administration SyncIQ replication and data reduction 16 TiB large file support and SyncIQ implications OneFS version compatibility SmartLock compatibility Conclusion Appendix A: Failover and failback steps Appendix B: SyncIQ encryption with self-signed certificates
Introduction
Generate keys
Import keys and apply SyncIQ settings
Create an encrypted SyncIQ policy
Modify an existing SyncIQ policy for encryption
Additional SyncIQ information and optional commands
Appendix C: Configuring cascaded replication Appendix D: Configuring custom replication Appendix E: Technical support and resources

Import keys and apply SyncIQ settings

Import keys and apply SyncIQ settings

    1. On the source cluster, import the target cluster’s certificate:

    scp root@[target cluster IP]:/ifs/data/[Directory specified in Generate keys]/target_cluster_cert.pem /ifs/data/[Directory specified in Generate keys]/

    1. For the source and target cluster to successfully SSL handshake, add the target cluster’s self-signed certificate to the certificate authority list on the source cluster, ensuring the source cluster trusts the target cluster’s signature. On the source cluster:

    isi cert auth import ./target_cluster_cert.pem –-name TargetCluster_Self-Signed

    1. On the source cluster, define the target cluster as a SyncIQ peer:

    isi sync cert peer import ./target_cluster_cert.pem --name=[Specify a descriptive certificate name]

    1. On the source cluster, provide SyncIQ with the source cluster server certificate and private key:

    isi sync cert server import ./source_cluster_cert.pem ./source_cluster_key.key --name=[Specify a name for the source server certificate] --certificate-key-password [Passphrase for the private key created in Generate keys, Step 1.c]

    1. To apply the cluster certificate with SyncIQ, the full certificate ID is required. On the source cluster, retrieve the truncated certificate ID for the server certificate:
      1. isi sync cert server list

    Make a note of the appropriate truncated certificate ID, from the ‘ID’ column. On the source cluster, retrieve the full certificate ID, using the truncated certificate ID from Step a:

    1. isi sync cert server view [truncated certificate ID from Step a]

    Make a note of the full certificate ID, from the ‘ID’ field.

    1. On the source cluster, apply the full certificate ID from the previous step as the cluster certificate:

    isi sync settings modify --cluster-certificate-id=[full certificate ID from the previous step]

    1. A global option is available, requiring that all incoming and outgoing SyncIQ policies are encrypted.

    Note: Running this command impacts existing SyncIQ policies that may not have encryption enabled. Only run this command after all existing policies have encryption enabled. Otherwise, existing policies that do not have encryption enabled will fail.

    On the source cluster, require encryption globally for all SyncIQ policies:

    isi sync settings modify --encryption-required=true

    1. On the target cluster, import the source cluster’s certificate:

    scp root@[source cluster IP]:/ifs/data/[Directory specified in Generate keys]/source_cluster_cert.pem /ifs/data/[Directory specified in Generate keys]/

    1. For the target and source cluster to successfully SSL handshake, add the source cluster’s self-signed certificate to the certificate authority list on the target cluster, ensuring the target cluster trusts the source cluster’s signature. On the target cluster:

    isi cert auth import ./source_cluster_cert.pem --name SourceCluster_Self-Signed

    1. On the target cluster, define the source cluster as a SyncIQ peer:

    isi sync cert peer import ./source_cluster_cert.pem --name=[Specify a descriptive certificate name]

    1. On the target cluster, provide SyncIQ with the target server certificate and private key:

    isi sync cert server import ./target_cluster_cert.pem ./target_cluster_key.key  --name=[Specify a name for the target server certificate] --certificate-key-password [Passphrase for the private key created in Generate keys, Step 2.c]

    1. To apply the cluster certificate with SyncIQ, the full certificate ID is required. On the target cluster, retrieve the truncated certificate ID for the server certificate:
      1. isi sync cert server list

    Make a note of the appropriate truncated certificate ID, from the ‘ID’ column. On the target cluster, retrieve the full certificate ID, using the truncated certificate ID from Step a:

    1. isi sync cert server view [truncated certificate ID from Step a]

    Make a note of the full certificate ID, from the ‘ID’ field.

    1. On the target cluster, apply the full certificate ID from the previous step as the cluster certificate:

    isi sync settings modify --cluster-certificate-id=[full certificate ID from the previous step]

    1. A global option is available, requiring that all incoming and outgoing SyncIQ policies are encrypted.

    Note: Running this command impacts existing SyncIQ policies that may not have encryption enabled. Only run this command after all existing policies have encryption enabled. Otherwise, existing policies that do not have encryption enabled will fail.

    On the target cluster, require encryption globally for all SyncIQ policies:

    isi sync settings modify --encryption-required=true