An FSID (filesystem ID) is a reference to an AES encryption key. Unlike disk encryption, where no key is specified, filesystem encryption needs a named reference because the same key must be usable from multiple clients (the NFS client case).
Note: The Linux DataControl Policy Agent supports filesystem-level encryption for some Linux distributions. However, it does not support NFS on RHEL 6.x and above or CentOS 6.x and above.
To create and manage FSIDs, call one of the hcl options shown below:
# fsid <-c fsid_to_create [-s] [-a <cipher>] [-d description] [-e days_to_expire [-o "NO USE"|"SHRED"]]> <-r fsid_to_remove [-f]> <-u fsid_to_update [-d description]> <-l>
Let's create a couple of FSIDs. FSIDs are associated with the Cloud VM Set that the VM is a member of. You can name FSIDs anything you like; we suggest names that make sense to you, and a description that makes each FSID's intended use clear to you and to others who may use it. In the example that follows, my_local_key and my_nfs_key are not functionally different; they differ only in how you use them.
# hcl fsid -c my_local_key -d "this is a key just for this VM"
# hcl fsid -c my_nfs_key -d "this key is for NFS"
# hcl fsid -l
FSID          Algorithm  Description
-----         ---------  -----------
my_local_key  AES-256    this is a key just for this VM
my_nfs_key    AES-256    this key is for NFS
Note that you can change the default cipher (which is AES-256), as well as the description, the number of days before the FSID expires (no expiration by default) and an action to be taken when the FSID expires.
The list of available ciphers that the HyTrust Policy Agent supports can be seen using the command hcl ciphers. For example:
# hcl ciphers
List of available ciphers:
AES-XTS-512 (default)
AES-XTS-256
AES-256
AES-128
List of available ciphers for folder encryption:
AES-256 (default)
AES-128
List of openssl supported ciphers:
AES-XTS-256
AES-256
AES-128
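Because the cipher and description are chosen per FSID, it is worth checking the hcl fsid -l listing against a site policy. The script below is an added example, not part of the HyTrust documentation. It assumes the three-column listing shown above and FSID names without whitespace; the approved-cipher list, the function names and the my_old_key row are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `hcl fsid -l` listing against a cipher policy.
# Assumptions: three columns as shown on this page, FSID names contain
# no whitespace, and the policy below is a hypothetical site choice.

APPROVED_CIPHERS="AES-256 AES-XTS-256 AES-XTS-512"

# Constructed sample listing in the page's format (my_old_key is made up).
sample_listing() {
cat <<'EOF'
FSID          Algorithm  Description
-----         ---------  -----------
my_local_key  AES-256    this is a key just for this VM
my_nfs_key    AES-256    this key is for NFS
my_old_key    AES-128
EOF
}

# audit_fsids: read a listing on stdin and print one finding per line:
#   UNAPPROVED_CIPHER <fsid> <algorithm>  algorithm not in APPROVED_CIPHERS
#   NO_DESCRIPTION <fsid>                 description column is empty
audit_fsids() {
    awk -v approved="$APPROVED_CIPHERS" '
        BEGIN {
            n = split(approved, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Skip blank lines, the header row and the dashed separator row.
        NF == 0 || $1 == "FSID" || $1 ~ /^-+$/ { next }
        !($2 in ok) { print "UNAPPROVED_CIPHER", $1, $2 }
        NF < 3      { print "NO_DESCRIPTION", $1 }
    '
}

# On a host with the Policy Agent installed: hcl fsid -l | audit_fsids
sample_listing | audit_fsids
```

An empty result means every listed FSID uses an approved cipher and carries a description.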
To view the FSIDs in the KeyControl webGUI:
You can use the Actions menu to: