<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-IE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi Gluster Users,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m looking for some advice or best practice recommendations when it comes to designing secure glusterFS environments. I’m talking about the basic design principles that a user should consider irrespective of the content that will be stored. I realise security isn’t a destination but a journey but I’d appreciate any advice you may have and it goes without saying that if the content is that important it should be separated.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>What is the current advise on configuring secure glusterFS environments or the trade-offs to consider? <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Should everything from bricks to storage nodes and the storage data network be separated into different glusterFS’s or can I share storage nodes across different clients without fear of crossed wires or a rogue client being able to list the other mount points of other clients or worse access their data? <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>My mindset would be to try and compare it to a SAN (but I’m not a SAN guy either) where disk storage is pooled and provisioned as LUN’s and the LUN’s are presented to certain HBA’s . The SAN can be configured so that only particular HBA’s can access a LUN so even if the client is compromised the SAN doesn’t allow it to access other LUN’s<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Finally also on the topic of security how would people suggest handling encryption of client data and working with a storage server hosting different encrypted data<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Michael<o:p></o:p></p></div></body></html>