[Gluster-users] Secure Setup / Separate GlusterFS / Encryption

[Michael.OBrien]

Hi Gluster Users,

 

I'm looking for some advice or best practice recommendations when it
comes to designing secure glusterFS environments. I'm talking about the
basic design principles that a user should consider irrespective of the
content that will be stored. I realise security isn't a destination but
a journey but I'd appreciate any advice you may have and it goes without
saying that if the content is that important it should be separated.

 

What is the current advise on configuring secure glusterFS environments
or the trade-offs to consider? 

 

Should everything from bricks to storage nodes and the storage data
network be separated into different glusterFS's or can I share storage
nodes across different clients without fear of crossed wires or a rogue
client being able to list the other mount points of other clients or
worse access their data? 

 

My mindset would be to try and compare it to a SAN (but I'm not a SAN
guy either) where disk storage is pooled and provisioned as LUN's and
the LUN's are presented to certain HBA's . The SAN can be configured so
that only particular HBA's can access a LUN so even if the client is
compromised the SAN doesn't allow it to access other LUN's

 

Finally also on the topic of security how would people suggest handling
encryption of client data and working with a storage server hosting
different encrypted data

 

Michael

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20130918/6429d503/attachment.html>