[Openstack-operators] [swift] How to encrypt account/container/object data that travels through storage nodes?
guimalufb at gmail.com
Fri Oct 17 12:31:48 UTC 2014
Exactly. This is a big issue. I'm wondering how globally distributed handle
this type of issue. How storages replicate between two countrys, like
Brazil and China, in a secure manner?
On Wed, Oct 15, 2014 at 3:06 PM, Pete Zaitcev <zaitcev at redhat.com> wrote:
> On Wed, 17 Sep 2014 15:16:22 -0300
> Gui Maluf <guimalufb at gmail.com> wrote:
> > Replicas are copied between storage nodes and swift presume all storage
> > nodes are running in a secure network. Taking any scenario of a Globally
> > Distributed OpenStack Swift Cluster
> > <
> > how could nodes replicates through Regions, or even between zones, using
> > VPN, SSL or any secure/encrypted way?
> I'm afraid there's no other practical way but create VPNs between
> datacenters and tunnel your back-end Swift traffic. Although it
> could be possible to use SSL (with minimal changes), there's no
> authentication or authorization in Swift back-end services.
> If you let attackers on your replication network, it's game over.
> -- Pete
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-operators