File and Object Storage

IBM Spectrum Scale Security Blog Series: Security with Spectrum Scale OpenStack Storage Drivers Gaurang Tapase

By Archive User posted Thu August 25, 2016 07:44 PM

  

OpenStack is an open source set of software components used to build private, public and hybrid cloud environments. Spectrum Scale is a high-performance, scalable clustered filesystem that can be used as backend storage for various storage components in OpenStack.



Spectrum Scale OpenStack drivers for the block storage service (Cinder) and the shared filesystem service (Manila) provide a comprehensive set of features for using Spectrum Scale as backend storage with a single namespace in an OpenStack cloud. For more information, please refer to http://www.ibm.com/support/knowledgecenter/STXKQY_4.2.1/com.ibm.spectrum.scale.v4r21.doc/bl1ins_openstackusecase.htm.



From a security perspective, the storage drivers rely mostly on OpenStack security features because they serve as backend drivers. For more information on OpenStack security, see http://docs.openstack.org/security-guide/. In addition, Spectrum Scale provides valuable security features of its own, such as Spectrum Scale encryption and secure NFS.



Spectrum Scale provides file encryption, which ensures secure storage of data at rest. For more information on Spectrum Scale encryption, please refer to https://www.ibm.com/support/knowledgecenter/STXKQY_4.2.1/com.ibm.spectrum.scale.v4r21.doc/bl1adv_encryption.htm. For the block storage service Cinder, one can choose an encrypted fileset to store volume files, which will then be encrypted using Spectrum Scale encryption. One can use multiple backends (encrypted or non-encrypted) based on the volume types and place the volumes accordingly.
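
As an added example (not code from the original post or from the Spectrum Scale drivers), the following Python check parses a constructed multi-backend `cinder.conf` and flags volume types that are meant to be encrypted but map to a backend whose `gpfs_mount_point_base` lies outside an encrypted fileset. The backend names, paths, function names and the operator-supplied list of encrypted fileset paths are assumptions made for illustration.

```python
import configparser
from pathlib import PurePosixPath

# Constructed sample cinder.conf with two Spectrum Scale (GPFS) backends.
# Backend names and paths are assumptions for this example.
SAMPLE_CINDER_CONF = """
[DEFAULT]
enabled_backends = gpfs_encrypted, gpfs_plain

[gpfs_encrypted]
volume_driver = cinder.volume.drivers.ibm.gpfs.GPFSDriver
volume_backend_name = GPFS_ENCRYPTED
gpfs_mount_point_base = /gpfs/fs1/enc_fileset/cinder/volumes

[gpfs_plain]
volume_driver = cinder.volume.drivers.ibm.gpfs.GPFSDriver
volume_backend_name = GPFS_PLAIN
gpfs_mount_point_base = /gpfs/fs1/cinder/volumes
"""

# Junction paths of filesets covered by a Spectrum Scale encryption policy.
# Supplied by the operator; this script does not query the filesystem.
ENCRYPTED_FILESET_PATHS = ["/gpfs/fs1/enc_fileset"]


def is_under(path, root):
    """True if path equals root or lies below it (by component, not string prefix)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents


def classify_backends(conf_text, encrypted_roots):
    """Map each enabled volume_backend_name to True if its volume dir is encrypted."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    result = {}
    for section in cfg["DEFAULT"]["enabled_backends"].split(","):
        sec = cfg[section.strip()]
        name = sec.get("volume_backend_name", section.strip())
        base = sec["gpfs_mount_point_base"]
        result[name] = any(is_under(base, root) for root in encrypted_roots)
    return result


def audit_volume_types(type_to_backend, must_encrypt, backend_encrypted):
    """Return volume types that require encryption but map to a plain or unknown backend."""
    return sorted(t for t in must_encrypt
                  if not backend_encrypted.get(type_to_backend.get(t), False))
```

The `type_to_backend` mapping corresponds to the `volume_backend_name` extra spec set on each Cinder volume type.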



Also, the volumes in Cinder can be accessed via NFS as well as the native GPFS client. When they are accessed via NFS, one can optionally use Kerberized NFS to secure the volume access, if required.



For the shared filesystem service Manila, the Spectrum Scale driver supports NFS through kNFS and NFS Ganesha through Spectrum Scale CES. One can rely on the Spectrum Scale authentication configuration for NFS for security. A detailed description of the supported authentication schemes can be found at https://www.ibm.com/support/knowledgecenter/STXKQY_4.2.1/com.ibm.spectrum.scale.v4r21.doc/bl1ins_authconcept.htm.


Also, the Manila driver provides an option to configure IP-based access rules on shares, which can be used to share data securely across OpenStack instances. Finally, like Cinder, the Manila service can be configured with multiple Spectrum Scale filesystems (encrypted or non-encrypted) based on share types, and shares can be created on particular filesystems accordingly, giving the flexibility to leverage the encryption feature of Spectrum Scale.


In summary, Spectrum Scale OpenStack storage drivers leverage security capabilities through Spectrum Scale filesystem features and protocol support.


