From: Igor Fedotov <ifedotov@mirantis.com>
To: Andrey Korolyov <andrey@xdel.ru>
Cc: Gregory Farnum <gfarnum@redhat.com>,
ceph-devel <ceph-devel@vger.kernel.org>
Subject: Re: Wiping object content on removal
Date: Tue, 24 Nov 2015 19:58:49 +0300 [thread overview]
Message-ID: <56549749.9000906@mirantis.com> (raw)
In-Reply-To: <CABYiri-aV2t-OkcrAFLwyy-FWz5Vk-3S7PUxUfwa2Fijr7RKmQ@mail.gmail.com>
Andrey,
thanks for your valuable comment.
Answering to your question - I don't have complete model. That was just
a quick idea produced by the information that Openstack Cinder performs
such wipe out when removing volumes (i.e. RBD images). And it does that
by trivial writing to an image. Doing similar thing at Ceph level can be
done faster and in background.
Thanks,
Igor
On 11/23/2015 7:53 PM, Andrey Korolyov wrote:
> On Mon, Nov 23, 2015 at 7:44 PM, Igor Fedotov <ifedotov@mirantis.com> wrote:
>> Hi Gregory,
>>
>> On 23.11.2015 18:52, Gregory Farnum wrote:
>>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@mirantis.com>
>>> wrote:
>>>> Hi Cephers.
>>>>
>>>> Does Ceph have an ability to wipe object content during one's removal?
>>>> Surely one can do that manually from the client but I think that's
>>>> ineffective and not 100% secure.
>>>>
>>>> If no - what's about adding such feature to Ceph?
>>>> I can start working on that.
>>> Wipe object content during removal of what? The OSD? Or are you
>>> talking about secure erase of object data instead of unlinking files?
>> I meant secure object removal.
>>
>>> I'm not sure if any of that is really more interesting than just
>>> enabling disk encryption...
>>> -Greg
>> I agree that encryption is more secure but it consumes much more CPU
>> resources.
>>
>> Thanks,
>> Igor
>>
> Hi,
>
> just wondering - do you have a complete security model where secure
> erase is required, but data protection by itself is not important by
> itself? In any way, the immediate object wipeout is not fast - it
> could consume tens of minutes or even hours after actual erase
> command, which is actually negates the requirement of the effective
> data destruction. Commonly the erase procedure is required when a
> media is moved between different security access zones, which could be
> seen as a lifecycle operation and it does not depend on any software
> functionality within those zones.
next prev parent reply other threads:[~2015-11-24 16:58 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-18 14:42 Wiping object content on removal Igor Fedotov
2015-11-23 15:52 ` Gregory Farnum
2015-11-23 16:44 ` Igor Fedotov
2015-11-23 16:53 ` Andrey Korolyov
2015-11-24 16:58 ` Igor Fedotov [this message]
2015-11-23 17:11 ` Gregory Farnum
2015-11-24 17:04 ` Igor Fedotov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56549749.9000906@mirantis.com \
--to=ifedotov@mirantis.com \
--cc=andrey@xdel.ru \
--cc=ceph-devel@vger.kernel.org \
--cc=gfarnum@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.