On Tue, Oct 27, 2009 at 12:58 AM, Jeffery Soo <js at realtechtalk.com> wrote:
> weber wrote:
>> On Mon, 26 Oct 2009 10:05:52 +0100, Tomasz Chmielewski <mangoo at wpkg.org>
>> wrote:
>>> Jeffery Soo wrote:
>>>> I'm using glusterfs 2.07 and I'm trying to secure it. I'm using it on a
>>>> switch that is connected to the internet.
>>>> I've tried using stunnel but it uses like 90% of CPU on both client and
>>>> server. It also reduces throughput by 3-4x.
>>>>
>>>> Is there any better way or translator that will be available soon to
>>>> secure and encrypt the connection, or is glusterfs really meant to be used
>>>> only on a private internal switch?
>>>
>>> I don't think there is any usable translator for that.
>>>
>>> You can try running it over an IPsec or OpenVPN tunnel.
>>>
>>> If you run glusterfs over internet, you might also consider enabling
>>> compression in the VPN tunnel; this could technically increase your
>>> throughput.
>>
>> http://gluster.com/community/documentation/index.php/Translators/encryption/rot-13
>>
>> ROT-13 is a toy translator that can "encrypt" and "decrypt" file contents
>> using the ROT-13 algorithm. ROT-13 is a trivial algorithm that rotates
>> each alphabet by thirteen places. Thus, 'A' becomes 'N', 'B' becomes 'O',
>> and 'Z' becomes 'M'.
>>
>> It goes without saying that you shouldn't use this translator if you need
>> _real_ encryption (a future release of GlusterFS will have real encryption
>> translators).
>> so it's an upcoming feature.
>>
>> Why don't you use GRE or ssh?
>> _______________________________________________
>> Gluster-users mailing list
>> Gluster-users at gluster.org
>> http://gluster.org/cgi-bin/mailman/listinfo/gluster-users
>
> Thanks for the suggestion. I used an SSH tunnel and the performance was
> very close to having it without encryption. The SSH tunnel is something I
> never thought of. If I can't find a better solution I will do it this way.
> Next I'll try GRE, do you think GRE can achieve better performance or at
> least lower CPU usage than SSH?
>
> I wish ROT-13 was stable/production ready and safe.

I'm working on something like that, some patches are available in my git tree:
http://git.iksaif.net/?p=glusterfs.git;a=shortlog;h=refs/heads/transport-encryption

It's not production ready, but feel free to test, and fix bugs :)

--
Corentin Chary
http://xf.iksaif.net