Andrey,
thanks for your valuable comment.
Answering to your question - I don't have complete model. That was just
a quick idea produced by the information that Openstack Cinder performs
such wipe out when removing volumes (i.e. RBD images). And it does that
by trivial writing to an image. Doing similar thing at Ceph level can be
done faster and in background.
Thanks,
Igor
On 11/23/2015 7:53 PM, Andrey Korolyov wrote:
On Mon, Nov 23, 2015 at 7:44 PM, Igor Fedotov <ifedotov@xxxxxxxxxxxx> wrote:
Hi Gregory,
On 23.11.2015 18:52, Gregory Farnum wrote:
On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@xxxxxxxxxxxx>
wrote:
Hi Cephers.
Does Ceph have an ability to wipe object content during one's removal?
Surely one can do that manually from the client but I think that's
ineffective and not 100% secure.
If no - what's about adding such feature to Ceph?
I can start working on that.
Wipe object content during removal of what? The OSD? Or are you
talking about secure erase of object data instead of unlinking files?
I meant secure object removal.
I'm not sure if any of that is really more interesting than just
enabling disk encryption...
-Greg
I agree that encryption is more secure but it consumes much more CPU
resources.
Thanks,
Igor
Hi,
just wondering - do you have a complete security model where secure
erase is required, but data protection by itself is not important by
itself? In any way, the immediate object wipeout is not fast - it
could consume tens of minutes or even hours after actual erase
command, which is actually negates the requirement of the effective
data destruction. Commonly the erase procedure is required when a
media is moved between different security access zones, which could be
seen as a lifecycle operation and it does not depend on any software
functionality within those zones.
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
