[openstack-dev] [Neutron][LBaaS] SSL Termination write-up

Evgeny Fedoruk EvgenyF at Radware.com
Tue Nov 26 15:37:07 UTC 2013 

Hi,
I've updated the wiki page
Please see and comment
https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL

Thanks,
Evg

-----Original Message-----
From: Vijay Venkatachalam [mailto:Vijay.Venkatachalam at citrix.com] 
Sent: Wednesday, November 20, 2013 4:17 PM
To: Samuel Bercovici; OpenStack Development Mailing List (not for usage questions); stephen.gran at guardian.co.uk
Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up

Yes. The following can be added

1. Certificate Chain as you already observed 2. Backend certificates for trust, basically CA certs.
      These certificates will be used by loadbalancer to validate the certificate presented by the backend services.

Thanks,
Vijay V.


> -----Original Message-----
> From: Samuel Bercovici [mailto:SamuelB at Radware.com]
> Sent: Wednesday, November 20, 2013 5:40 PM
> To: OpenStack Development Mailing List (not for usage questions); 
> stephen.gran at guardian.co.uk; Vijay Venkatachalam
> Subject: RE: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up
> 
> HI,
> 
> Besides a forward looking model do you see other differences?
> 
> -Sam.
> 
> -----Original Message-----
> From: Vijay Venkatachalam [mailto:Vijay.Venkatachalam at citrix.com]
> Sent: Wednesday, November 20, 2013 1:22 PM
> To: stephen.gran at guardian.co.uk; OpenStack Development Mailing List 
> (not for usage questions)
> Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL Termination write-up
> 
> 
> 
> > -----Original Message-----
> > From: Stephen Gran [mailto:stephen.gran at guardian.co.uk]
> > Sent: Wednesday, November 20, 2013 3:01 PM
> > To: OpenStack Development Mailing List (not for usage questions)
> > Subject: Re: [openstack-dev] [Neutron][LBaaS] SSL Termination 
> > write-up
> >
> > Hi,
> >
> > On Wed, 2013-11-20 at 08:24 +0000, Samuel Bercovici wrote:
> > > Hi,
> > >
> > >
> > >
> > > Evgeny has outlined the wiki for the proposed change at:
> > > https://wiki.openstack.org/wiki/Neutron/LBaaS/SSL which is in line 
> > > with what was discussed during the summit.
> > >
> > > The
> > >
> >
> https://docs.google.com/document/d/1tFOrIa10lKr0xQyLVGsVfXr29NQBq2n
> > YTvMkMJ_inbo/edit discuss in addition Certificate Chains.
> > >
> > >
> > >
> > > What would be the benefit of having a certificate that must be 
> > > connected to VIP vs. embedding it in the VIP?
> >
> > You could reuse the same certificate for multiple loadbalancer VIPs.
> > This is a fairly common pattern - we have a dev wildcard cert that 
> > is
> > self- signed, and is used for lots of VIPs.
> >
> If certificates can be totally independent and can be reused, it will 
> be awesome.
> But even otherwise, certificate connected to VIP is just better 
> modeling and provides an easier migration path towards an independent 
> certificate resource.
> 
> > > When we get a system that can store certificates (ex: Barbican), 
> > > we will add support to it in the LBaaS model.
> >
> > It probably doesn't need anything that complicated, does it?
> >
> > Cheers,
> > --
> > Stephen Gran
> > Senior Systems Integrator - The Guardian
> >
> > Please consider the environment before printing this email.
> > ------------------------------------------------------------------
> > Visit theguardian.com
> >
> > On your mobile, download the Guardian iPhone app 
> > theguardian.com/iphone and our iPad edition theguardian.com/iPad 
> > Save up to 33% by subscribing to the Guardian and Observer - choose 
> > the papers you want and get full digital access.
> > Visit subscribe.theguardian.com
> >
> > This e-mail and all attachments are confidential and may also be 
> > privileged. If you are not the named recipient, please notify the 
> > sender and delete the e- mail and all attachments immediately.
> > Do not disclose the contents to another person. You may not use the 
> > information for any purpose, or store, or copy, it in any way.
> >
> > Guardian News & Media Limited is not liable for any computer viruses 
> > or other material transmitted with or as part of this e-mail. You 
> > should employ virus checking software.
> >
> > Guardian News & Media Limited
> >
> > A member of Guardian Media Group plc Registered Office PO Box 68164 
> > Kings Place
> > 90 York Way
> > London
> > N1P 2AP
> >
> > Registered in England Number 908396
> >
> > --------------------------------------------------------------------
> > --
> > ----
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list