I was thinking of iscsi gateways colocated on the osd nodes and trying to distribute the luns as evenly as possible, would that setup work ? Also regarding the configuration of the iscsi target is it stored inside ceph cluster ?
Le jeu. 20 sept. 2018 à 08:23, Jan Fajerski <jfajerski@xxxxxxxx> a écrit :
Hi,
if you want to isolate your HV from ceph's public network a gateway would do
that (like iscsi gateway). Note however that this will also add an extra network
hop and a potential bottleneck since all client traffic has to pass through the
gateway node(s).
HTH,
Jan
On Wed, Sep 19, 2018 at 01:05:06PM +0200, Florian Florensa wrote:
>Hello everyone,
>
>I am currently working on the design of a ceph cluster, and i was
>asking myself some question regarding the security of the cluster.
>(Cluster should be deployed using Luminous on Ubuntu 16.04)
>
>Technically, we would have HVs exploiting the block storage, but we
>are in a position where we can't trust the VM that is running, thus,
>the HV can eventually get compromised, so how can we do to avoid a
>compromised hypervisor from compromising the safety of the data on the
>ceph cluster ?
>Using iscsi ? Using one key-ring per hypervisor ? Anything else ?
>
>Regards,
>
>Florian.
>_______________________________________________
>ceph-users mailing list
>ceph-users@xxxxxxxxxxxxxx
>http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>
--
Jan Fajerski
Engineer Enterprise Storage
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
_______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
