I was thinking of iscsi gateways colocated on the osd nodes and trying to distribute the luns as evenly as possible, would that setup work ? Also regarding the configuration of the iscsi target is it stored inside ceph cluster ?
Le jeu. 20 sept. 2018 à 08:23, Jan Fajerski <jfajer...@suse.com> a écrit : > Hi, > if you want to isolate your HV from ceph's public network a gateway would > do > that (like iscsi gateway). Note however that this will also add an extra > network > hop and a potential bottleneck since all client traffic has to pass > through the > gateway node(s). > > HTH, > Jan > > On Wed, Sep 19, 2018 at 01:05:06PM +0200, Florian Florensa wrote: > >Hello everyone, > > > >I am currently working on the design of a ceph cluster, and i was > >asking myself some question regarding the security of the cluster. > >(Cluster should be deployed using Luminous on Ubuntu 16.04) > > > >Technically, we would have HVs exploiting the block storage, but we > >are in a position where we can't trust the VM that is running, thus, > >the HV can eventually get compromised, so how can we do to avoid a > >compromised hypervisor from compromising the safety of the data on the > >ceph cluster ? > >Using iscsi ? Using one key-ring per hypervisor ? Anything else ? > > > >Regards, > > > >Florian. > >_______________________________________________ > >ceph-users mailing list > >ceph-users@lists.ceph.com > >http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com > > > > -- > Jan Fajerski > Engineer Enterprise Storage > SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, > HRB 21284 (AG Nürnberg) > _______________________________________________ > ceph-users mailing list > ceph-users@lists.ceph.com > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com >
_______________________________________________ ceph-users mailing list ceph-users@lists.ceph.com http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
