Techniques for persistently toggling a FIPS-140 cryptographic mode of a clustered storage system

摘要

Improved clustered storage systems make use of a software toggle switch stored in a shared persistent configuration database, which allows a peer node to be rebooted into a FIPS 140 mode defined by the switch and then to take over as master while the original master node reboots into the new FIPS 140 mode as defined by the switch. Advantageously, system availability is maintained as the nodes are rebooted sequentially while a master is always available. The persistent switch allows for synchronization, while also allowing persistence of state even in the event of a system crash.

主权项

1. A method of operating a clustered storage system to toggle from a first cryptographic operating mode to a second cryptographic operating mode in a highly-available manner, the method comprising:
toggling a cryptographic mode software switch stored in a persistent configuration database of the clustered storage system from the first cryptographic operating mode to the second cryptographic operating mode; at a first node of the clustered storage system, sending an instruction to a second node instructing the second node to reboot, the second node being configured to boot into a cryptographic operating mode defined by the cryptographic mode software switch, the first node initially being in a master state that provides integral storage services and the second node initially being in a peer state; at the first node, polling the second node until the second node indicates that it has rebooted successfully; upon the second node having rebooted, sending a command from the first node to the second node, the command instructing the second node to switch to the master state that provides the integral storage services; and rebooting the first node into the peer state, the first node being configured to boot into the cryptographic operating mode defined by the cryptographic mode software switch; wherein: the first node, when operating in the second cryptographic operating mode, is validated as using a government-accredited cryptographic module, being configured to only engage in secured communications using cryptographic algorithms that are government-approved; the second node, when operating in the second cryptographic operating mode, is validated as using the government-accredited cryptographic module, being configured to only engage in secured communications using cryptographic algorithms that are government-approved; the first node, when operating in the first cryptographic operating mode, is configured to engage in secured communications using cryptographic algorithms without regard to government-approval status; the second node, when operating in the first cryptographic operating mode, is configured to engage in secured communications using cryptographic algorithms without regard to government-approval status; and the government-accredited cryptographic module is a Federal Information Processing Standard (FIPS) 140-accredited cryptographic module.