Storage for Satellite reference architecture

You need to consider storage options both in IBM Cloud and in the on-premises Satellite location.

Storage in IBM Cloud

All Satellite control plane data is backed up to an IBM Cloud Object Storage service instance within IBM Cloud. This is done so that your location can be restored after a disaster. When you create a location, you also provide an Object Storage service instance that you control for backup of the location control plane worker nodes. Control plane master data is backed up by IBM and stored in an IBM-owned Object Storage instance. Satellite cluster master data is backed up to the Object Storage instance that you own.

Aside from backing up data from the Satellite location, Object Storage is also used to store auditable IBM Cloud events. For more information, see Audit logging of IBM Cloud events.

About Object Storage

Object Storage stores encrypted and dispersed data across multiple geographic locations. Object Storage is available with three types of resiliency: Cross Region, Regional, and Single Data Center. Cross Region provides higher durability and availability than using a single region at the cost of slightly higher latency. Regional service reverses those tradeoffs, and distributes objects across multiple availability zones within a single region. If a given region or availability zone is unavailable, the object store continues to function without impediment. Single Data Center distributes objects across multiple machines within the same physical location.

Users of Object Storage refer to their binary data, such as files, images, media, archives, or even entire databases as objects. Objects are stored in a bucket, the container for their unstructured data. Buckets contain both inherent and user-defined metadata. Finally, objects are defined by a globally unique combination of the bucket name and the object key, or name.

All Object Storage buckets must be encrypted with Keep Your Own Key (KYOK) by using keys that are managed by Hyper Protect Crypto Services. For more information, see Encryption at rest. In addition, a geographically separate region should be used as an alternative storage site. This means you should use Cross Region resiliency for all of your Object Storage buckets.
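
The two bucket requirements above (a root key managed by Hyper Protect Crypto Services and Cross Region resiliency) can be checked across a bucket inventory. The following Python is an added example, not IBM's code: the record field names and the sample inventory are constructed, and it assumes location constraints of the form <location>-<storage class> with Cross Region locations us, eu and ap, and that Hyper Protect Crypto Services key CRNs carry the service name hs-crypto.

```python
# Added example: audits constructed bucket records; field names are hypothetical.
CROSS_REGION_LOCATIONS = {"us", "eu", "ap"}  # assumed Cross Region location codes
HPCS_SERVICE_NAME = "hs-crypto"              # assumed CRN service name for HPCS

# Constructed sample inventory (placeholder account, instance and key IDs).
INVENTORY = [
    {"name": "sat-backup-a", "location_constraint": "us-standard",
     "root_key_crn": "crn:v1:bluemix:public:hs-crypto:us-south:a/ACCT:INST:key:KEYID"},
    {"name": "sat-backup-b", "location_constraint": "us-south-standard",
     "root_key_crn": "crn:v1:bluemix:public:kms:us-south:a/ACCT:INST:key:KEYID"},
    {"name": "sat-audit-c", "location_constraint": "ams03-vault",
     "root_key_crn": None},
]


def crn_service_name(crn):
    """Return the service-name segment of a key CRN, or None if malformed."""
    # crn:version:cname:ctype:service-name:location:scope:instance:type:resource
    parts = (crn or "").split(":")
    if len(parts) != 10 or parts[0] != "crn" or parts[8] != "key":
        return None
    return parts[4]


def audit_bucket(bucket):
    """Return the list of findings for one record; an empty list means compliant."""
    findings = []
    key_crn = bucket.get("root_key_crn")
    if not key_crn:
        findings.append("no customer root key CRN recorded")
    else:
        service = crn_service_name(key_crn)
        if service is None:
            findings.append("root key CRN is malformed")
        elif service != HPCS_SERVICE_NAME:
            findings.append(f"root key service is '{service}', not {HPCS_SERVICE_NAME}")
    # Strip the trailing storage class: "us-south-standard" -> "us-south".
    location = (bucket.get("location_constraint") or "").rsplit("-", 1)[0]
    if location not in CROSS_REGION_LOCATIONS:
        findings.append(f"location '{location}' is not Cross Region")
    return findings


def audit_inventory(inventory):
    """Map each non-compliant bucket name to its findings."""
    results = {b["name"]: audit_bucket(b) for b in inventory}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```
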

To start working with Object Storage, see the following instructions:

Storage in Satellite location

Within the Satellite location, Satellite storage uses Satellite Config to provide a convenient way to install various storage drivers in Red Hat OpenShift on IBM Cloud clusters, by using storage templates. The storage templates are provided and tested by the vendors. After you install Satellite storage, your cluster users can use Kubernetes persistent volume claims (PVCs) to order and save their application data in persistent storage. For more information, see Understanding Satellite storage.

You are responsible for providing the underlying virtual and physical storage that will be accessed by Satellite storage in your on-premises Satellite location. You should ensure your underlying physical storage is encrypted using keys managed by an on-premises FIPS 140-2 level 2 or higher hardware security module (HSM).

Next steps