Hi,
If you want to isolate your HV from Ceph's public network, a gateway would do
that (like an iSCSI gateway). Note, however, that this will also add an extra network
hop and a potential bottleneck, since all client traffic has to pass through the
gateway node(s).
HTH,
Jan
On Wed, Sep 19, 2018 at 01:05:06PM +0200, Florian Florensa wrote:
Hello everyone,
I am currently working on the design of a Ceph cluster, and I was
asking myself some questions regarding the security of the cluster.
(Cluster should be deployed using Luminous on Ubuntu 16.04)
Technically, we would have HVs exploiting the block storage, but we
are in a position where we can't trust the VM that is running, thus
the HV can eventually get compromised, so what can we do to prevent a
compromised hypervisor from compromising the safety of the data on the
Ceph cluster?
Using iSCSI? Using one keyring per hypervisor? Anything else?
Regards,
Florian.
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
--
Jan Fajerski
Engineer Enterprise Storage
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)