Hi everyone, we have a ceph cluster for object storage only, the rgws are accessible from the internet, and everything is ok.
Now, one of our team/client required that their data should not ever be accessible from the internet.
In any case of security bug/breach/whatever, they want to limit the access to their data from the local network.
Before creating a second "private" cluster, is there a way to achieve this on our current "public" cluster?
Is a multi-zone without replication would help me with that?
A public rgws for public access on the "pub_zone", and a private rgws for private access on the "prv_zone"?
pubzone.rgw.buckets.data
prvzone.rgw.buckets.data
If the "public" rgws is hacked, without the access_key/secret_key of the private zone, is there any possibilities to access the private zone?
Does a multi-realms would help me to secure it more?
Any input would be really appreciated.
I don't want to put to much energy for false security and/or security by obscurity,
so if these scenarios of multi-sites/multi-realms are useless, in a security point of view, please tell me. :-)
Thanks!
JS
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
