>>1) Are RBD connections encrypted or is there an option to use encryption between clients and Ceph? From reading the documentation, I have the impression that the only option to guarantee encryption in >>transit is to force clients to encrypt volumes via dmcrypt. Is there another option? I know I could encrypt the OSDs but that's not going to solve the problem of encryption in transit. not related to ceph, but if you use qemu, they are a luks driver for qemu, so you can encrypt from qemu process to storage. https://people.redhat.com/berrange/kvm-forum-2016/kvm-forum-2016-security.pdf ----- Mail original ----- De: "Sergio A. de Carvalho Jr." <scarvalhojr@xxxxxxxxx> À: "ceph-users" <ceph-users@xxxxxxxxxxxxxx> Envoyé: Jeudi 10 Janvier 2019 19:59:06 Objet: Encryption questions Hi everyone, I have some questions about encryption in Ceph. 1) Are RBD connections encrypted or is there an option to use encryption between clients and Ceph? From reading the documentation, I have the impression that the only option to guarantee encryption in transit is to force clients to encrypt volumes via dmcrypt. Is there another option? I know I could encrypt the OSDs but that's not going to solve the problem of encryption in transit. 2) I'm also struggling to understand if communication between Ceph daemons (monitors and OSDs) are encrypted or not. I came across a few references about msgr2 but I couldn't tell if it is already implemented. Can anyone confirm this? I'm currently starting a new project using Ceph Mimic but if there's something new in this space expected for Nautilus, it would be good to know as well. Regards, Sergio _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com _______________________________________________ ceph-users mailing list ceph-users@xxxxxxxxxxxxxx http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
 |