[Gluster-users] GlusterFS Security Stunnel or alternative?
Jeffery Soo
js at realtechtalk.com
Mon Oct 26 23:58:31 UTC 2009
weber wrote:
> On Mon, 26 Oct 2009 10:05:52 +0100, Tomasz Chmielewski <mangoo at wpkg.org>
> wrote:
>
>> Jeffery Soo wrote:
>>
>>> I'm using glusterfs 2.07 and I'm trying to secure it. I'm using it on a
>>> switch that is connected to the internet.
>>> I've tried using stunnel but it uses like 90% of CPU on both client and
>>> server. It also reduces throughput by 3-4x.
>>>
>>> Is there any better way or translator that will be available soon to
>>> secure and encrypt the connection, or is glusterfs really meant to be
>>> used only on a private internal switch?
>>>
>> I don't think there is any usable translator for that.
>>
>> You can try running it over an IPsec or OpenVPN tunnel.
>>
>> If you run glusterfs over internet, you might also consider enabling
>> compression in the VPN tunnel; this could technically increase your
>> throughput.
>>
>
> http://gluster.com/community/documentation/index.php/Translators/encryption/rot-13
>
> ROT-13 is a toy translator that can "encrypt" and "decrypt" file contents
> using the ROT-13 algorithm. ROT-13 is a trivial algorithm that rotates each
> alphabet by thirteen places. Thus, 'A' becomes 'N', 'B' becomes 'O', and
> 'Z' becomes 'M'.
>
> It goes without saying that you shouldn't use this translator if you need
> _real_ encryption (a future release of GlusterFS will have real encryption
> translators).
>
> So it's an upcoming feature.
>
> Why don't you use GRE or ssh?
> _______________________________________________
> Gluster-users mailing list
> Gluster-users at gluster.org
> http://gluster.org/cgi-bin/mailman/listinfo/gluster-users
>
>
Thanks for the suggestion. I used an SSH tunnel and the performance was
very close to having it without encryption. The SSH tunnel is something
I never thought of. If I can't find a better solution I will do it this
way. Next I'll try GRE, do you think GRE can achieve better performance
or at least lower CPU usage than SSH?
I wish ROT-13 was stable/production ready and safe.
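
The ROT-13 transform described in the quoted documentation, as an added example that is not part of the original thread and not GlusterFS code; the function names and the sample record are constructed for illustration. It shows that the transform takes no key, is undone by running it a second time, and leaves every non-letter byte readable.

```c
#include <stdio.h>
#include <string.h>

/* ROT-13 over a buffer, in place: letters rotate 13 places, every other
 * byte (digits, punctuation, binary data) passes through untouched. */
void rot13_buf(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = buf[i];
        if (c >= 'A' && c <= 'Z')
            buf[i] = (unsigned char)('A' + (c - 'A' + 13) % 26);
        else if (c >= 'a' && c <= 'z')
            buf[i] = (unsigned char)('a' + (c - 'a' + 13) % 26);
    }
}

/* Count the bytes that are identical before and after the transform. */
size_t unchanged_bytes(const unsigned char *a, const unsigned char *b, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (a[i] == b[i])
            n++;
    return n;
}

/* Constructed sample record, not data from the thread. */
static const char SAMPLE[] = "user=alice uid=1001 pin=4821\n";

int main(void)
{
    unsigned char stored[sizeof SAMPLE];
    size_t len = sizeof SAMPLE - 1;

    memcpy(stored, SAMPLE, sizeof SAMPLE);
    rot13_buf(stored, len);              /* what would be stored or sent */
    printf("stored:    %s", (char *)stored);
    printf("unchanged: %zu of %zu bytes\n",
           unchanged_bytes((const unsigned char *)SAMPLE, stored, len), len);

    rot13_buf(stored, len);              /* "decrypt": same call, no key */
    printf("recovered: %s", (char *)stored);
    return memcmp(stored, SAMPLE, len) != 0;
}
```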