On Tue, 11 Mar 2014 10:23:19 -0700 Prakash Surya <sur...@llnl.gov> wrote:
> Hi, > > All the documentation I've seen states that the oVirt NFS storage should > use the "all_squash,anonuid=36,anongid=36" options. Obviously this isn't > secure, so I'm curious how others have locked down their NFS storage? Is > the best option to just limit access to these NFS exports to the IP > addresses of the hypervisor nodes (and maybe the engine)? Is there a > better way to go about this? Run vlans and have some active monitoring for physical ports up|down states etc... If you cannot control your environment then ask yourself if you trust your infrastructure provider at all. You can run kerberized NFS etc... but what about kerberos security? The beginning is trust towards your infrastructure. j. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
