[Gluster-users] GlusterFS Security Stunnel or alternative?
js at realtechtalk.com
Mon Oct 26 23:58:31 UTC 2009
> On Mon, 26 Oct 2009 10:05:52 +0100, Tomasz Chmielewski <mangoo at wpkg.org>
>> Jeffery Soo wrote:
>>> I'm using glusterfs 2.07 and I'm trying to secure it. I'm using it on a
>>> switch that is connected to the internet.
>>> I've tried using stunnel but it uses like 90% of CPU on both client and
>>> server. It also reduces throughput by 3-4x.
>>> Is there any better way or translator that will be available soon to
>>> secure and encrypt the connection, or is glusterfs really meant to be
>>> used only on a private internal switch?
>> I don't think there is any usable translator for that.
>> You can try running it over an IPsec or OpenVPN tunnel.
>> If you run glusterfs over internet, you might also consider enabling
>> compression in the VPN tunnel; this could technically increase your
> ROT-13 is a toy translator that can "encrypt" and "decrypt" file contents
> using the ROT-13 algorithm. ROT-13 is a trivial algorithm that rotates each
> alphabet by thirteen places. Thus, 'A' becomes 'N', 'B' becomes 'O', and
> 'Z' becomes 'M'.
> It goes without saying that you shouldn't use this translator if you need
> _real_ encryption (a future release of GlusterFS will have real encryption
> so its an upcoming feature.
> Why dont use GRE or ssh?
> Gluster-users mailing list
> Gluster-users at gluster.org
Thanks for the suggestion. I used an SSH tunnel and the performance was
very close to having it without encryption. The SSH tunnel is something
I never thought of. If I can't find a better solution I will do it this
way. Next I'll try GRE, do you think GRE can achieve better performance
or at least lower CPU usage than SSH?
I wish ROT-13 was stable/production ready and safe.
More information about the Gluster-users