Hi everyone, we have a ceph cluster for object storage only, the rgws are 
accessible from the internet, and everything is ok.

Now, one of our team/client required that their data should not ever be 
accessible from the internet. 
In any case of security bug/breach/whatever, they want to limit the access to 
their data from the local network.

Before creating a second "private" cluster, is there a way to achieve this on 
our current "public" cluster?

Would a multi-zone setup without replication help me with that?

A public rgws for public access on the "pub_zone", and a private rgws for 
private access on the "prv_zone"?

    pubzone.rgw.buckets.data
    prvzone.rgw.buckets.data

If the "public" rgws is hacked, without the access_key/secret_key of the 
private zone, is there any possibility of accessing the private zone?

Would multi-realms help me to secure it more?

Any input would be really appreciated.

I don't want to put too much energy into false security and/or security by 
obscurity, 
so if these scenarios of multi-sites/multi-realms are useless, from a security 
point of view, please tell me. :-)

Thanks!
JS
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io