weber wrote:
On Mon, 26 Oct 2009 10:05:52 +0100, Tomasz Chmielewski <[email protected]>
wrote:
Jeffery Soo wrote:
I'm using glusterfs 2.07 and I'm trying to secure it. I'm using it on a
switch that is connected to the internet.
I've tried using stunnel but it uses like 90% of CPU on both client and
server. It also reduces throughput by 3-4x.
Is there any better way or translator that will be available soon to
secure and encrypt the connection, or is glusterfs really meant to be
used only on a private internal switch?
I don't think there is any usable translator for that.
You can try running it over an IPsec or OpenVPN tunnel.
If you run glusterfs over internet, you might also consider enabling
compression in the VPN tunnel; this could technically increase your
throughput.
http://gluster.com/community/documentation/index.php/Translators/encryption/rot-13
ROT-13 is a toy translator that can "encrypt" and "decrypt" file contents
using the ROT-13 algorithm. ROT-13 is a trivial algorithm that rotates each
alphabet by thirteen places. Thus, 'A' becomes 'N', 'B' becomes 'O', and
'Z' becomes 'M'.
It goes without saying that you shouldn't use this translator if you need
_real_ encryption (a future release of GlusterFS will have real encryption
translators).
so its an upcoming feature.
Why dont use GRE or ssh?
_______________________________________________
Gluster-users mailing list
[email protected]
http://gluster.org/cgi-bin/mailman/listinfo/gluster-users
Thanks for the suggestion. I used an SSH tunnel and the performance was
very close to having it without encryption. The SSH tunnel is something
I never thought of. If I can't find a better solution I will do it this
way. Next I'll try GRE, do you think GRE can achieve better performance
or at least lower CPU usage than SSH?
I wish ROT-13 was stable/production ready and safe.
_______________________________________________
Gluster-users mailing list
[email protected]
http://gluster.org/cgi-bin/mailman/listinfo/gluster-users
