From: Joshua Schmid <jschmid@suse.de>
To: ceph-devel@vger.kernel.org
Subject: Proposal: data-at-rest encryption
Date: Mon, 24 Aug 2015 11:16:39 +0200
Message-ID: <55DAE0F7.1070905@suse.de>
Hi all,
just as a quick preface:
I'm fairly new to ceph, so forgive me any blunders :) But back to the topic.
After following several discussions on how to implement data-at-rest
encryption in ceph, I want to add my two cents.
What is used:
a dedicated FTPS server for key-handling
How it will work:
Specify your key-server in ceph.conf.
Prepare and activate an OSD as usual via --dmcrypt. The newly
created key will be uploaded and deleted locally. On the initial unlock
it will already be retrieved via network.
Why is this a good way:
Taking into consideration that MONs are not the best place to put the keys
imho, a dedicated machine is a good place to put them, since you are able
to take care of additional security arrangements.
What needs attention:
- The dedicated server is a single point of failure.
- If you add more servers, is rsync enough?
- Prevent swapping on key retrieval. (mlockall)
This is what I did so far:
https://github.com/jschmid1/ceph/commit/fee26890c24bd3a7b8865295546297e3f144e6d0?diff=unified
ANY feedback is welcome :)
--
Freundliche Grüße - Kind regards,
Joshua Schmid
Trainee - Storage
SUSE Linux GmbH - Maxfeldstr. 5 - 90409 Nürnberg
--------------------------------------------------------------------------------------------------------------------
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard,
Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
--------------------------------------------------------------------------------------------------------------------
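As an added illustration of the unlock path the proposal sketches (this is not Joshua's commit and not ceph-disk code), the following Python locks process memory before the key is fetched over FTPS, keeps the key only in memory, feeds it to cryptsetup on stdin instead of through a key file, and overwrites it afterwards. The key-server host, credentials and the one-file-per-OSD-uuid layout on the server are assumptions, and mlockall() is Linux-specific.

```python
import ctypes
import ctypes.util
import io
import os
import subprocess
from ftplib import FTP_TLS

MCL_CURRENT, MCL_FUTURE = 1, 2   # Linux mlockall(2) flags


def lock_memory():
    """Pin every current and future page of this process so the key can
    never be swapped to disk. Fails closed: if the kernel refuses, no key
    is fetched at all."""
    libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
    if libc.mlockall(MCL_CURRENT | MCL_FUTURE) != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))


def fetch_key(host, user, password, osd_uuid):
    """Retrieve the dm-crypt key for one OSD from the FTPS key server into a
    mutable in-memory buffer (assumed layout: one file named by OSD uuid)."""
    buf = io.BytesIO()
    ftps = FTP_TLS(host)          # TLS on the control channel
    ftps.login(user, password)
    ftps.prot_p()                 # TLS on the data channel carrying the key
    ftps.retrbinary("RETR " + osd_uuid, buf.write)
    ftps.quit()
    return bytearray(buf.getvalue())


def cryptsetup_argv(device, mapper_name):
    """'--key-file=-' makes cryptsetup read the key from stdin, so no key
    file is ever written on the OSD host."""
    return ["cryptsetup", "luksOpen", "--key-file=-", device, mapper_name]


def wipe_key(key):
    """Overwrite the key buffer in place once cryptsetup has consumed it."""
    for i in range(len(key)):
        key[i] = 0
    return key


def unlock_osd(host, user, password, osd_uuid, device, mapper_name):
    lock_memory()
    key = fetch_key(host, user, password, osd_uuid)
    try:
        # bytearray is passed directly so no immutable copy of the key is made
        subprocess.run(cryptsetup_argv(device, mapper_name), input=key, check=True)
    finally:
        wipe_key(key)
```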