> >> Hi Bart, >> >> My another 2 cents:) >> On Fri, Feb 2, 2018 at 6:05 PM, Bart Van Assche <Bart.VanAssche@xxxxxxx> >> wrote: >>> >>> On Fri, 2018-02-02 at 15:08 +0100, Roman Pen wrote: >>>> >>>> o Simple configuration of IBNBD: >>>> - Server side is completely passive: volumes do not need to be >>>> explicitly exported. >>> >>> >>> That sounds like a security hole? I think the ability to configure >>> whether or >>> not an initiator is allowed to log in is essential and also which volumes >>> an >>> initiator has access to. >> >> Our design target for well controlled production environment, so >> security is handle in other layer. > > > What will happen to a new adopter of the code you are contributing? Hi Sagi, Hi Bart, thanks for your feedback. We considered the "storage cluster" setup, where each ibnbd client has access to each ibnbd server. Each ibnbd server manages devices under his "dev_search_path" and can provide access to them to any ibnbd client in the network. On top of that Ibnbd server has an additional "artificial" restriction, that a device can be mapped in writable-mode by only one client at once. -- Danil
