Re: GDPR encryption at rest

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 2, 2018 at 11:12 AM, David Turner <drakonstein@xxxxxxxxx> wrote:
> I've heard conflicting opinions if GDPR requires data to be encrypted at
> rest, but enough of our customers believe that it is that we're looking at
> addressing it in our clusters.  I had a couple questions about the state of
> encryption in ceph.
>
> 1) My experience with encryption in Ceph is dmcrypt, is this still the
> standard method or is there something new with bluestore?

Standard, yes.

> 2) Assuming dmcrypt is still the preferred option, is it fully
> supported/tested in ceph-volume?  There were problems with this when
> ceph-volume was initially released, but I believe those have been resolved.

It is fully supported, but only with LUKS. The initial release of
ceph-volume didn't have dmcrypt support.

> 3) Any other thoughts about encryption at rest?  I have an upgrade path to
> get to encryption (basically the same as getting to bluestore from
> filestore).

Not sure what you mean by 'rest'. The ceph-volume encryption would
give you the same type of encryption that was provided by ceph-disk
with the only "gotcha" being it is LUKS (plain is not supported for
newly encrypted devices)

>
> Thanks for your comments.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux