Veritas InfoScale™ 7.4.2 Release Notes - Linux
- Introduction
- Requirements
- Changes introduced in 7.4.2
- Changes related to installation and upgrades
- Changes related to security features
- Changes related to supported configurations
- Changes related to the Cluster Server engine
- Changes related to Cluster Server agents
- Changes related to Veritas Volume Manager
- Changes related to Veritas File System
- Changes related to replication
- Fixed issues
- Limitations
- Virtualization software limitations
- Storage Foundation software limitations
- Dynamic Multi-Pathing software limitations
- Veritas Volume Manager software limitations
- Veritas File System software limitations
- SmartIO software limitations
- Replication software limitations
- Cluster Server software limitations
- Limitations related to bundled agents
- Limitations related to VCS engine
- Veritas cluster configuration wizard limitations
- Limitations related to the VCS database agents
- Cluster Manager (Java console) limitations
- Limitations related to LLT
- Limitations related to I/O fencing
- Limitations related to bundled agents
- Storage Foundation Cluster File System High Availability software limitations
- Storage Foundation for Oracle RAC software limitations
- Storage Foundation for Databases (SFDB) tools software limitations
- Storage Foundation for Sybase ASE CE software limitations
- Known issues
- Issues related to installation and upgrade
- Storage Foundation known issues
- Dynamic Multi-Pathing known issues
- Veritas Volume Manager known issues
- Virtualization known issues
- Veritas File System known issues
- Replication known issues
- Cluster Server known issues
- Operational issues for VCS
- Issues related to the VCS engine
- Issues related to the bundled agents
- Issues related to the VCS database agents
- Issues related to the agent framework
- Cluster Server agents for Volume Replicator known issues
- Issues related to Intelligent Monitoring Framework (IMF)
- Issues related to global clusters
- Issues related to the Cluster Manager (Java Console)
- VCS Cluster Configuration wizard issues
- LLT known issues
- I/O fencing known issues
- Operational issues for VCS
- Storage Foundation and High Availability known issues
- Storage Foundation Cluster File System High Availability known issues
- Storage Foundation for Oracle RAC known issues
- Oracle RAC known issues
- Storage Foundation Oracle RAC issues
- Storage Foundation for Databases (SFDB) tools known issues
- Storage Foundation for Sybase ASE CE known issues
- Application isolation feature known Issues
- Cloud deployment known issues
- Issues related to Veritas InfoScale Storage in Amazon Web Services cloud environments
- Issues related to installation and upgrade
Support for disk group level encryption key management and the re-key operation
InfoScale supports the use of a single KMS key for all the volumes in a disk group. Consequently, you can maintain a common KMS key at the disk group level instead of maintaining an individual KMS key for each volume. When you start an encrypted volume that has a common KMS key with the disk group, VxVM needs to fetch only one key to enable access to the volume. Thus, a common KMS key reduces the network load that is sent to the KMS in the form of multiple requests based on the number of volumes. A single request to KMS lets you to start all the volumes in a single operation.
To make the use of this single key more secure, InfoScale provides the option to re-key the volumes that change the KMS key when needed. This option is also known as key rotation. You can use an external scheduler based on your policy to schedule the re-key operation.
To use a single key for all the encrypted volumes in a disk group, set the value of the same_enckey
tunable to yes as follows:
At the time of disk group creation, set:
vxdg -o same_enckey=yes init DiskGroupName diskName1 diskName2 ... diskNameN
The re-key operation behaves as follows:
It does not change the volume encryption key.
It retrieves the encrypted volume encryption key using the existing KMS key, and then encrypts it again with the new KMS key.
It stores the newly encrypted volume encryption key and the new KMS identifier of the changed KMS key in the volume record.
Note:
The disk group level encryption key management and key rotation feature does not support VVR configuration and disk group operations like join, split, move.
For details on the re-key operation, see the Storage Foundation Cluster File System High Availability Administrator's Guide.