[Openstack] Securing privileged access to a swift storage
axel at hardreset.de
Tue Oct 15 14:38:09 UTC 2013
I can imagine this has been asked before. But a search engine or the the
archives did not deliver what i am looking for easily.
We have a swift-cluser running, with some storage-nodes, swift-proxys
and a keystone identity service.
The proxys do forward anything from the outside to the swift-proxys or
the keystone-server, as needed. This happens via http or https.
https via \
/ | | | \
It is considered a security risk allowing anyone privileged using
keystone over a clear text connection like http from the internet.
What would be best practice preventing storage- and openstack- admins
using the storage over unsecure public lines.
Thanks a lot.
More information about the Openstack