[Gluster-users] GlusterFS Security Stunnel or alternative?

weber weber at zackbummfertig.de
Mon Oct 26 13:23:05 UTC 2009


On Mon, 26 Oct 2009 10:05:52 +0100, Tomasz Chmielewski <mangoo at wpkg.org>
wrote:
> Jeffery Soo wrote:
>> I'm using glusterfs 2.07 and I'm trying to secure it.  I'm using it on a

>> switch that is connected to the internet.
>> I've tried using stunnel but it uses like 90% of CPU on both client and 
>> server.  It also reduces throughput by 3-4x.
>> 
>> Is there any better way or translator that will be available soon to 
>> secure and encrypt the connection, or is glusterfs really meant to be 
>> used only on a private internal switch?
> 
> I don't think there is any usable translator for that.
> 
> You can try running it over an IPsec or OpenVPN tunnel.
> 
> If you run glusterfs over internet, you might also consider enabling 
> compression in the VPN tunnel; this could technically increase your 
> throughput.

http://gluster.com/community/documentation/index.php/Translators/encryption/rot-13

ROT-13 is a toy translator that can "encrypt" and "decrypt" file contents
using the ROT-13 algorithm. ROT-13 is a trivial algorithm that rotates each
alphabet by thirteen places. Thus, 'A' becomes 'N', 'B' becomes 'O', and
'Z' becomes 'M'.

It goes without saying that you shouldn't use this translator if you need
_real_ encryption (a future release of GlusterFS will have real encryption
translators). 

so its an upcoming feature.

Why dont use GRE or ssh?



More information about the Gluster-users mailing list