Hi, @Xiaodong I think SSL + register auth is enough; I don't think you need to worry about that. Let me also attach some other Mesos documents related to security, other than SSL.

authentication: https://github.com/apache/mesos/blob/master/docs/authorization.md
authentication: https://github.com/apache/mesos/blob/master/docs/authentication.md
firewall_rules: https://github.com/apache/mesos/blob/master/docs/configuration.md#master-and-slave-options

And if you want to use an external firewall or iptables to limit access, that is also OK when you are using Mesos.

On Fri, Oct 30, 2015 at 7:50 AM, Xiaodong Zhang <[email protected]> wrote:

> Oh! Connecting via SSL and registering with auth is not safe enough?
>
> Sent from my iPhone
>
> On Oct 30, 2015, at 12:55 AM, tommy xiao <[email protected]> wrote:
>
> public ip is very dangerous for mesos cluster, you need a firewall on your
> solution.
>
> 2015-10-28 10:16 GMT+08:00 Xiaodong Zhang <[email protected]>:
>
>> Hi teams:
>>
>> My scenario is like this:
>>
>> My master nodes were deployed in AWS. My slaves were in AZURE. So they
>> communicate via public ip.
>> I got trouble when slaves try to register to master.
>> Now slaves can get master's public ip address, and can send register
>> request. But they can only send their private ip to master. (Because they
>> don't know their public ip, thus they can't bind a public ip via --ip
>> flag), thus masters can't connect slaves. How can the slave tell master
>> which ip master should connect (I can't find any flags like --advertise_ip
>> in master).
>>
>
> --
> Deshi Xiao
> Twitter: xds2000
> E-mail: xiaods(AT)gmail.com
>

--
Best Regards,
Haosdent Huang

