Isilon: PowerScale SED node add or build order

With the introduction of SED non-FIPS devices, a way to differentiate between Self-Encrypted Drive (SED) types was needed. OneFS 9.5 and above, now differentiate between SEDs based on certification levels. The levels of certification, from lowest to highest, are:

ISE (unencrypted)

SED-NON-FIPS

SED-FIPS

SED-FIPS-140-2

SED-FIPS-140-3

For the purposes of NVMe SEDs, SED-FIPS and SED-FIPS-140-2 are equivalent.

OneFS 9.10 has updated the naming scheme for the various levels, the following are the new terms:
ISE
SED-1 (Previously called SED Non-FIPS)

SED-2 (previously called FIPS-140-2)

SED-3 (new)

With mixed versions of SED nodes, the cluster must be built or they must be added using the lowest SED certification first. Cluster certification level is set with the first encrypted node that is added. You cannot add a lower certification level node to a cluster with a higher base cluster certification.

Examples:

• If you have a cluster that consists of SED-FIPS nodes, you cannot add nodes that have SED-NON-FIPS drives. You can only add SED-FIPS, SED-FIPS-140-2 and or SED-FIPS-140-3 nodes.
• If you have a cluster that was built with unencrypted nodes and you have added a SED-FIPS-140-2 node to the cluster, you can only add SED-FIPS-140-2 and or SED-FIPS-140-3 nodes.

Once a cluster has encrypted nodes, you cannot add unencrypted nodes under any circumstance.

If you have added encrypted nodes in the wrong order, contact support and quote this Knowledge Base document.