[Openstack-operators] [swift] How to encrypt account/container/object data that travels through storage nodes?

Gui Maluf guimalufb at gmail.com
Fri Oct 17 12:31:48 UTC 2014


Exactly. This is a big issue. I'm wondering how globally distributed handle
this type of issue. How storages replicate between two countrys, like
Brazil and China, in a secure manner?

On Wed, Oct 15, 2014 at 3:06 PM, Pete Zaitcev <zaitcev at redhat.com> wrote:

> On Wed, 17 Sep 2014 15:16:22 -0300
> Gui Maluf <guimalufb at gmail.com> wrote:
>
> > Replicas are copied between storage nodes and swift presume all storage
> > nodes are running in a secure network. Taking any scenario of a Globally
> > Distributed OpenStack Swift Cluster
> > <
> https://swiftstack.com/blog/2012/09/16/globally-distributed-openstack-swift-cluster/
> >,
> > how could nodes replicates through Regions, or even between zones, using
> > VPN, SSL or any secure/encrypted way?
>
> I'm afraid there's no other practical way but create VPNs between
> datacenters and tunnel your back-end Swift traffic. Although it
> could be possible to use SSL (with minimal changes), there's no
> authentication or authorization in Swift back-end services.
> If you let attackers on your replication network, it's game over.
>
> -- Pete
>



-- 
*guilherme* \n
\t *maluf*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20141017/c77e36eb/attachment.html>


More information about the OpenStack-operators mailing list