Hi, AFAIK, there is no encryption on the wire, either between daemons or between a daemon and a client The only encryption available on Ceph is at rest, using dmcrypt (aka your data are encrypted before being written on disk) Regards, On 01/10/2019 07:59 PM, Sergio A. de Carvalho Jr. wrote: > Hi everyone, I have some questions about encryption in Ceph. > > 1) Are RBD connections encrypted or is there an option to use encryption > between clients and Ceph? From reading the documentation, I have the > impression that the only option to guarantee encryption in transit is to > force clients to encrypt volumes via dmcrypt. Is there another option? I > know I could encrypt the OSDs but that's not going to solve the problem of > encryption in transit. > > 2) I'm also struggling to understand if communication between Ceph daemons > (monitors and OSDs) are encrypted or not. I came across a few references > about msgr2 but I couldn't tell if it is already implemented. Can anyone > confirm this? > > I'm currently starting a new project using Ceph Mimic but if there's > something new in this space expected for Nautilus, it would be good to know > as well. > > Regards, > > Sergio > > > > _______________________________________________ > ceph-users mailing list > ceph-users@xxxxxxxxxxxxxx > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |