Originally posted by: CRM

All,

I am looking to architect a solution based on an MQ cluster and the AIX encrypted filesystem to meet the payment card industry requirements (the requirements are that any data persisted to disk must be encrypted).

In addition we are looking to use POWERHA to cluster the MQ queues such that we can recover any messages in the case of a failure.

I am pretty sure that we are fine to configure EFS with PowerHA, I have some ideas of how we should do this and know we need to consider carefully where we place the keys (as the keys will need to be available to both systems), but I am wondering if anyone has come across a solution like this or if there are any whitepapers/best practises for implementing a design such as this?

many thanks

Chris
#PowerHA-(Formerly-known-as-HACMP)-Technical-Forum
#PowerHAforAIX

Originally posted by: CRM

Update - it now sounds like this will NOT work, but still not sure why.

Will update if I can find out why.

Looking at MQ security edition now instead....

Chris
#PowerHAforAIX
#PowerHA-(Formerly-known-as-HACMP)-Technical-Forum

Originally posted by: Claudio

> know we need to consider carefully where we place the keys

Based on the above, it seems you're already aware of the fact that AIX places locally on each node under /var/efs information specific to the Encrypted FS. This is at least one of the challenges to be addressed, and i don't if simply making it a FS on the shared disks is enough (i do not know the internals of the AIX encrypted FS).
#PowerHAforAIX
#PowerHA-(Formerly-known-as-HACMP)-Technical-Forum