weber wrote: > On Mon, 26 Oct 2009 10:05:52 +0100, Tomasz Chmielewski <mangoo at wpkg.org> > wrote: > >> Jeffery Soo wrote: >> >>> I'm using glusterfs 2.07 and I'm trying to secure it. I'm using it on a >>> > > >>> switch that is connected to the internet. >>> I've tried using stunnel but it uses like 90% of CPU on both client and >>> server. It also reduces throughput by 3-4x. >>> >>> Is there any better way or translator that will be available soon to >>> secure and encrypt the connection, or is glusterfs really meant to be >>> used only on a private internal switch? >>> >> I don't think there is any usable translator for that. >> >> You can try running it over an IPsec or OpenVPN tunnel. >> >> If you run glusterfs over internet, you might also consider enabling >> compression in the VPN tunnel; this could technically increase your >> throughput. >> > > http://gluster.com/community/documentation/index.php/Translators/encryption/rot-13 > > ROT-13 is a toy translator that can "encrypt" and "decrypt" file contents > using the ROT-13 algorithm. ROT-13 is a trivial algorithm that rotates each > alphabet by thirteen places. Thus, 'A' becomes 'N', 'B' becomes 'O', and > 'Z' becomes 'M'. > > It goes without saying that you shouldn't use this translator if you need > _real_ encryption (a future release of GlusterFS will have real encryption > translators). > > so its an upcoming feature. > > Why dont use GRE or ssh? > _______________________________________________ > Gluster-users mailing list > Gluster-users at gluster.org > http://gluster.org/cgi-bin/mailman/listinfo/gluster-users > > Thanks for the suggestion. I used an SSH tunnel and the performance was very close to having it without encryption. The SSH tunnel is something I never thought of. If I can't find a better solution I will do it this way. Next I'll try GRE, do you think GRE can achieve better performance or at least lower CPU usage than SSH? I wish ROT-13 was stable/production ready and safe.
