Getting started with IBM Storage Scale
With IBM® Storage Scale, you can deploy HPC clusters that use IBM Storage Scale as a storage solution. The deployment is performed by using Terraform and IBM Cloud Schematics as automation frameworks.
Confirm your IBM Cloud® settings
Complete the following steps before you deploy the IBM® Storage Scale:
- Confirm that you have an IBM Cloud Pay-As-You-Go or Subscription account. If you have a Trial or Lite account, upgrade your account.
- Log in to your IBM Cloud account with your IBMid.
Verify access policies
IBM Cloud® Identity and Access Management (IAM) access policies are required to install this deployable architecture and provision clusters.
To view access policies, complete the following steps:
- In the IBM Cloud console, select Manage > Access (IAM).
- In the IAM navigation menu, select Users and then select the account user.
- Select Access to view the associated access policies and access groups. See the following table for the permissions that you need for this deployable architecture:
| Service | Resources | Role |
|---|---|---|
| All IAM Account Management services | All | Editor, Operator, Service ID creator, VPN Administrator, User API key creator, API key reviewer |
| Resource group only | Deployment can be done from any resource group. Ensure that the resource group is enabled. | Editor, Viewer |
| Schematics | All | Manager, Editor |
| DNS Services | All | Manager, Editor |
| Key Protect | All | Manager, Editor |
| Cloud Object Storage | All | Writer, Editor |
| All Identity and Access enabled services | All | Editor, Operator, Service ID creator, VPN Administrator, User API key creator, API key reviewer |
| VPC Infrastructure Services | All | Writer, Editor, Bare Metal Advanced Network Operator, Bare Metal Console Admin, IP Spoofing Operator |
Allow access to IBM Cloud public endpoints
IBM® Storage Scale requires access to the following IBM Cloud service API public endpoints. For the deployment to provision the infrastructure and the associated services successfully, ensure that you are aware of these endpoints and allow access to them:
| Endpoint | Type | Notes |
|---|---|---|
| iam.cloud.ibm.com | IAM | The IAM endpoint is protected by Akamai under the Akamai IP ranges |
Gather Scale entitlement information
The offering uses Bring Your Own Licenses (BYOL) for IBM® Storage Scale when you deploy a cluster on IBM Cloud. For production clusters, work with your business owners or license management team to make sure that your organization has procured enough licenses to deploy the HPC cluster by using IBM® Storage Scale. Failure to comply with licenses for production use of software is a violation of the IBM International Program License Agreement.
Before you can deploy your IBM® Storage Scale, you need to create or gather some information. To get started, complete the following steps:
Create an IBM Cloud API key
Verify that you have an IBM Cloud API key. For more information, see Creating an API key.
Create SSH key
Create SSH keys in your IBM Cloud account. You might need multiple SSH keys if you want to use different keys to access the bastion host, compute cluster, and storage cluster. Ensure that the SSH keys are present in the same resource group and region where the cluster is provisioned. The offering supports passing multiple, comma-separated SSH keys, if the cluster needs multiple SSH keys. For more information, see Managing SSH keys.
Choose between IBM-managed or user-managed encryption
By default, VPC volumes and file shares are encrypted with IBM-managed encryption. However, you can opt for user-managed encryption per your security requirements. Customer-managed encryption uses your root key, which gives you complete control over your data. You can provision or import existing encrypted keys by using IBM Key Protect for IBM Cloud.
If you decide to use user-managed encryption, complete the following steps before you deploy your IBM® Storage Scale architecture:
- Provision an instance of Key Protect
- Create or import key
- Authorize access between:
  - Cloud Block Storage and the key management service
  - File Storage for VPC and the key management service
- Gather information for the following boot volume encryption deployment values (you provide this information when you deploy your IBM® Storage Scale architecture):
  - enable_customer_managed_encryption: Gives you toggling options.
  - kms_instance_id: Instance ID of the Key Protect instance that you create.
  - kms_key_name: Name of the KMS key that you create.
Create custom image
You can use the default image or create a custom image for compute, storage, and client nodes. But for bootstrap, GKLM (if encryption is enabled) and LDAP (if LDAP is enabled), only the default image is supported. For more information, see Planning for custom images.
Stock images are not supported when the parallel vNIC and CES features are enabled.
IBM Cloud provides pre-built images with RHEL to help you get started quickly. See the storage_vsi_osimage_name, storage_bare_metal_osimage_name, and compute_vsi_osimage_name parameters in Deployment values.
In addition to the base operating system, the image includes the Storage Scale software packages that allow the Storage Scale shared file system to be automatically mounted and ready for use after the creation and configuration of the cluster is complete.
Gather public IP address
You need to provide your public IP addresses from where you want to access the environment after it is provisioned. You provide these public IP addresses in the remote_cidr_blocks deployment value. For more information, see Deployment values.
Identify cluster deployment location
You need to decide where you want your cluster to be deployed by choosing an IBM Cloud region and availability zone. You provide this location information when you configure your workspace. For more information, see Region and data center locations for resource deployment.
Enable optional features in the deployment values
After completing the mandatory steps, you can enable the optional parameters in deployment values in the Storage Scale cluster:
Enable encryption
You need to decide whether you want to enable encryption for your file system. The Storage Scale cluster file system can be encrypted by using the IBM Security® Guardium® Key Lifecycle Manager (GKLM) or IBM Key Protect. If you want to enable encryption, you need to define the scale_encryption_xxx deployment values when you configure your workspace. For more information about enabling encryption and configuring these deployment values, see Enabling Encryption.
Enable Parallel vNIC (MROT)
With parallel vNIC support, a secondary vNIC comes up on each node of the compute and storage cluster, based on the bandwidth of the profile. If a VSI profile has a Bandwidth Cap (Gbps) of 64 Gbps or more, a secondary network interface is activated.
If CES is enabled, parallel vNIC functionality cannot be used.
Enable CES
To enable CES, set total_protocol_cluster_instances to a value greater than zero. Refer to the Deployment values topic for more details.
Enable boot drive encryption for persistent storage
To enable boot drive encryption for persistent storage, set the bms_boot_drive_encryption parameter to true.
Enable LDAP
To enable LDAP, set the enable_ldap parameter to true and complete other variables such as ldap_admin_password, ldap_user_name, and ldap_user_password. For more information, refer to Deployment values.
Existing LDAP is also supported.
Enable AFM
To enable AFM, set the total_afm_cluster_instances parameter to a value greater than zero. For more information, refer to Deployment values.
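A pre-deployment check of the values gathered in the sections above, as an added example that is not part of the IBM documentation or the offering's Terraform code: it verifies that remote_cidr_blocks holds specific public addresses and that the Key Protect and LDAP values are complete when those features are switched on. The value types, the reading of enable_customer_managed_encryption as a boolean, and the rule that flags 0.0.0.0/0 and private ranges are assumptions of this example.

```python
import ipaddress

# Parameter names come from the page; value types and the PRIVATE check are assumptions.
KMS_KEYS = ("kms_instance_id", "kms_key_name")
LDAP_KEYS = ("ldap_admin_password", "ldap_user_name", "ldap_user_password")
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def check_remote_cidrs(blocks):
    """Flag remote_cidr_blocks entries that are malformed, private, or match any address."""
    if not blocks:
        return ["remote_cidr_blocks: empty, no source address is allowed in"]
    findings = []
    for entry in blocks:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"remote_cidr_blocks: {entry!r} is not an IP address or CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"remote_cidr_blocks: {entry} admits every address")
        elif net.version == 4 and any(net.subnet_of(p) for p in PRIVATE):
            findings.append(f"remote_cidr_blocks: {entry} is not a public range")
    return findings


def validate(values):
    """Return a list of findings; an empty list means every checked rule holds."""
    findings = check_remote_cidrs(values.get("remote_cidr_blocks", []))
    if values.get("enable_customer_managed_encryption"):  # assumed boolean
        findings += [f"{k}: required for customer-managed encryption"
                     for k in KMS_KEYS if not values.get(k)]
    if values.get("enable_ldap"):  # assumes the deployment creates the LDAP server
        findings += [f"{k}: required when enable_ldap is true"
                     for k in LDAP_KEYS if not values.get(k)]
    return findings


# Constructed sample values; 203.0.113.0/24 is a documentation range.
SAMPLE = {
    "remote_cidr_blocks": ["203.0.113.10", "0.0.0.0/0", "192.168.1.0/24"],
    "enable_customer_managed_encryption": True,
    "kms_instance_id": "<kms-instance-id>",  # kms_key_name left out on purpose
    "enable_ldap": True, "ldap_admin_password": "<placeholder>",
    "ldap_user_name": "scaleuser",  # ldap_user_password left out on purpose
}

if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```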
Next steps
Once the necessary input values are gathered to define your cluster configuration, you are ready to deploy your IBM Storage Scale cluster. The Storage Scale cluster can be deployed on IBM Cloud by using the IBM Cloud catalog tile, Schematics UI, Schematics CLI, or the Schematics APIs. If you want to deploy your cluster by using the CLI or API, review the prerequisites for your interface of choice:
After you have reviewed any additional prerequisites for your interface, perform the following steps:
- Create a workspace on IBM Cloud Schematics that uses the Terraform code that is developed for this offering. This step defines the set of configuration properties that are used to perform the automation. For more information, see Creating a workspace.
- Generate a plan to confirm whether the configuration properties are valid, so that when you run the Terraform code, all of the resources are provisioned correctly. If the validation fails, fix the configuration properties and try again.
- Apply the plan to trigger the actual deployment of the IBM Cloud resources, so that an HPC cluster is up and running by the time the deployment completes. If the deployment fails, identify the reason for failure, fix the problem, and try again. If a change is needed to the configuration properties, it might be better to generate a plan again.
If instead of using IBM Cloud Schematics you decide to deploy your IBM Storage Scale cluster through the IBM Cloud catalog, when you click Install, the Generate plan action is skipped, and the steps go from Create workspace to Apply plan directly. You need to enter values in the catalog that work for your permissions and IBM Cloud account. If the deployment fails, the Schematics UI can be used to fix the errors, and you can retry the Apply Plan step.