Re: Cluster Security

It is not quite clear to me what you are trying to achieve.

If you want to separate HyperVisors from Ceph, that would not give you much. HV is man-in-the-middle anyway so they would be able to tap into traffic whatever you do. iSCSI won't help you here. Also you would probably need to let the HV connect to any RBD disk as it is not usually pre-defined which exact VMs would be running on which HV. If it is fixed in your environment however, then yes, tools like iSCSI gateway could be used to restrict what every HV can access.

If on the other hand you merely distrust your VMs, but DO trust the HyperVisor, you don't need to do much. Just keep the Ceph traffic in a separate VLAN (or NIC) from VM traffic and make sure the HVs (that you trust) would never accidentally bridge any VM with that VLAN. The hypervisor then mounts an RBD disk from Ceph and presents it as a local virtio physical disk to a VM. The VM never interacts with Ceph, it only interacts with the disk that it has been provided by the virtualization layer, and the HV does the translation.

Regards,
Anthony

----- Original Message -----
From: "Jan Fajerski" <jfajerski@xxxxxxxx>
To: ceph-users@xxxxxxxxxxxxxx
Sent: Thursday, September 20, 2018 2:22:47 AM
Subject: Re:  Cluster Security

Hi,
if you want to isolate your HV from ceph's public network a gateway would do 
that (like iscsi gateway). Note however that this will also add an extra network 
hop and a potential bottleneck since all client traffic has to pass through the 
gateway node(s).

HTH,
Jan

On Wed, Sep 19, 2018 at 01:05:06PM +0200, Florian Florensa wrote:
>Hello everyone,
>
>I am currently working on the design of a ceph cluster, and I was
>asking myself some questions regarding the security of the cluster.
>(Cluster should be deployed using Luminous on Ubuntu 16.04)
>
>Technically, we would have HVs exploiting the block storage, but we
>are in a position where we can't trust the VM that is running, thus,
>the HV can eventually get compromised, so what can we do to prevent a
>compromised hypervisor from compromising the safety of the data on the
>ceph cluster?
>Using iscsi? Using one key-ring per hypervisor? Anything else?
>
>Regards,
>
>Florian.
>_______________________________________________
>ceph-users mailing list
>ceph-users@xxxxxxxxxxxxxx
>http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>

-- 
Jan Fajerski
Engineer Enterprise Storage
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)
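
The advice in the first reply, to make sure a hypervisor never bridges a VM with the Ceph VLAN, can be checked on each host. The following is an added example, not part of the original thread: it parses `ip -o link show` output and flags a storage interface that sits on a Linux bridge, and which VM tap devices share that bridge. The interface names (`eth1.100`, `br-vm`, `vnet0`), the `vnet`/`tap` prefixes and the sample output are constructed assumptions.

```python
import re

# Constructed, abridged `ip -o link show` output from a hypothetical hypervisor.
# Assumption: eth1.100 carries the Ceph VLAN, vnet* are VM tap devices.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br-vm state UP
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP
4: eth1.100@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue master br-vm state UP
5: br-vm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-vm state UNKNOWN
"""

LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:@\s]+)(?:@\S+)?:\s+<[^>]*>(?P<rest>.*)$")
MASTER_RE = re.compile(r"\bmaster\s+(\S+)")


def parse_masters(ip_output):
    """Map each interface name to the bridge it is enslaved to (None if unbridged)."""
    masters = {}
    for line in ip_output.splitlines():
        m = LINK_RE.match(line.strip())
        if not m:
            continue
        master = MASTER_RE.search(m.group("rest"))
        masters[m.group("name")] = master.group(1) if master else None
    return masters


def audit(ip_output, storage_ifaces, vm_prefixes=("vnet", "tap")):
    """Return (status, iface, bridge, vm_ports) for every storage interface at risk.

    "exposed": the storage interface shares a bridge with VM tap devices.
    "bridged": it is on a bridge with no VM port yet (one attach away from exposed).
    "missing": the interface was not found, so nothing could be verified.
    """
    masters = parse_masters(ip_output)
    findings = []
    for iface in storage_ifaces:
        if iface not in masters:
            findings.append(("missing", iface, None, []))
            continue
        bridge = masters[iface]
        if bridge is None:
            continue  # storage interface is not a bridge port: the desired state
        vm_ports = sorted(n for n, b in masters.items()
                          if b == bridge and n.startswith(vm_prefixes))
        findings.append(("exposed" if vm_ports else "bridged", iface, bridge, vm_ports))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, ["eth1.100"]):
        print(finding)
```

The check only reads the `master` field, so it covers Linux bridge membership and nothing else; other ways of attaching a guest to the storage NIC need their own check.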