No thoughts on encrypting and authenticating zookeeper-to-zookeeper communication?
On Mar 8, 2013, at 3:13 PM, Matt Wise <[email protected]> wrote: > Currently we run Zookeeper out on the big bad scary internet using Stunnel as > an encryption and authentication system for our clients. Our single 5-node > Zookeeper quorum is in a single datacenter where we can control network > access and feel reasonably safe. > > I've been thinking about scale recently, and I would love to be able to put > Zookeeper Observer nodes in each of our regions. We don't use VPC or any > other network-to-network tunneling technology. Stunnel is simple when you > have one client, and one endpoint, but it sucks when you have multiple > servers all trying to talk to each other. > > Are there any plans to add SSL support to Zookeeper? Specifically to its own > private cluster communication ports? If not, what about running a Zookeeper > Observer in a "client" mode where I can point it to any of our 5 quorum > servers, and it acts as a kind of proxy for data -- without really "joining" > the cluster? > > --Matt >
