Hi Gluster Users, I'm looking for some advice or best practice recommendations when it comes to designing secure glusterFS environments. I'm talking about the basic design principles that a user should consider irrespective of the content that will be stored. I realise security isn't a destination but a journey but I'd appreciate any advice you may have and it goes without saying that if the content is that important it should be separated. What is the current advise on configuring secure glusterFS environments or the trade-offs to consider? Should everything from bricks to storage nodes and the storage data network be separated into different glusterFS's or can I share storage nodes across different clients without fear of crossed wires or a rogue client being able to list the other mount points of other clients or worse access their data? My mindset would be to try and compare it to a SAN (but I'm not a SAN guy either) where disk storage is pooled and provisioned as LUN's and the LUN's are presented to certain HBA's . The SAN can be configured so that only particular HBA's can access a LUN so even if the client is compromised the SAN doesn't allow it to access other LUN's Finally also on the topic of security how would people suggest handling encryption of client data and working with a storage server hosting different encrypted data Michael -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://supercolony.gluster.org/pipermail/gluster-users/attachments/20130918/6429d503/attachment.html>
