Manage security: Overview
You can configure various security settings from the Grid Manager to help secure your StorageGRID system.
Manage encryption
StorageGRID provides several options for encrypting data. You should review the available encryption methods to determine which ones meet your data-protection requirements.
Manage certificates
You can configure and manage the server certificates used for HTTP connections or the client certificates used to authenticate a client or user identity to the server.
Configure key management servers
Using a key management server lets you protect StorageGRID data even if an appliance is removed from the data center. After the appliance volumes are encrypted, you can't access any data on the appliance unless the node can communicate with the KMS.
To use encryption key management, you must enable the Node Encryption setting for each appliance during installation, before the appliance is added to the grid. |
Manage proxy settings
If you are using S3 platform services or Cloud Storage Pools, you can configure a Storage proxy server between Storage Nodes and the external S3 endpoints. If you send AutoSupport messages using HTTPS or HTTP, you can configure an Admin proxy server between Admin Nodes and technical support.
Control firewalls
To enhance the security of your system, you can control access to StorageGRID Admin Nodes by opening or closing specific ports at the external firewall. You can also control network access to each node by configuring its internal firewall. You can prevent access on all ports except those needed for your deployment.