On Wed, May 2, 2018 at 11:12 AM, David Turner <drakonstein@xxxxxxxxx> wrote: > I've heard conflicting opinions if GDPR requires data to be encrypted at > rest, but enough of our customers believe that it is that we're looking at > addressing it in our clusters. I had a couple questions about the state of > encryption in ceph. > > 1) My experience with encryption in Ceph is dmcrypt, is this still the > standard method or is there something new with bluestore? Standard, yes. > 2) Assuming dmcrypt is still the preferred option, is it fully > supported/tested in ceph-volume? There were problems with this when > ceph-volume was initially released, but I believe those have been resolved. It is fully supported, but only with LUKS. The initial release of ceph-volume didn't have dmcrypt support. > 3) Any other thoughts about encryption at rest? I have an upgrade path to > get to encryption (basically the same as getting to bluestore from > filestore). Not sure what you mean by 'rest'. The ceph-volume encryption would give you the same type of encryption that was provided by ceph-disk with the only "gotcha" being it is LUKS (plain is not supported for newly encrypted devices) > > Thanks for your comments. _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |