Hi, My two cents: the ZooKeeper's support to encryption between servers and between client-server has not progressed until now:
https://issues.apache.org/jira/browse/ZOOKEEPER-236 https://issues.apache.org/jira/browse/ZOOKEEPER-235 https://issues.apache.org/jira/browse/ZOOKEEPER-1000 Plus, you can find an interesting discussion here: http://zookeeper-user.578899.n2.nabble.com/Linking-two-sites-via-two-Zookeeper-instances-td7578441.html Edward On Sat, Mar 16, 2013 at 1:38 PM, Matt Wise <[email protected]> wrote: > No thoughts on encrypting and authenticating zookeeper-to-zookeeper > communication? > > On Mar 8, 2013, at 3:13 PM, Matt Wise <[email protected]> wrote: > > > Currently we run Zookeeper out on the big bad scary internet using > Stunnel as an encryption and authentication system for our clients. Our > single 5-node Zookeeper quorum is in a single datacenter where we can > control network access and feel reasonably safe. > > > > I've been thinking about scale recently, and I would love to be able to > put Zookeeper Observer nodes in each of our regions. We don't use VPC or > any other network-to-network tunneling technology. Stunnel is simple when > you have one client, and one endpoint, but it sucks when you have multiple > servers all trying to talk to each other. > > > > Are there any plans to add SSL support to Zookeeper? Specifically to its > own private cluster communication ports? If not, what about running a > Zookeeper Observer in a "client" mode where I can point it to any of our 5 > quorum servers, and it acts as a kind of proxy for data -- without really > "joining" the cluster? > > > > --Matt > > > >
