[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] aoe security

  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Andy Smith <andy@xxxxxxxxxxxxxx>
  • Date: Mon, 3 Sep 2007 03:16:06 +0000
  • Delivery-date: Sun, 02 Sep 2007 20:16:29 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc


On Sun, Sep 02, 2007 at 05:43:02PM -0600, Steven wrote:
> I've built a mini lab using 2 raid 10 file servers with drbd/HA, LVM and 
> vblade mini servers for making domU available to xen servers (dom0).
> It work like a charm and I wish I could deploy it but there is one 
> single issue which makes me quite uncomfortable to use as is: aoe security.

If all your storage traffic is going over a network unencrypted,
isn't it fairly obvious that all your security rests with the
infrastructure?  i.e. do it over a network segment that is used
only by you, for storage.

If you do AOE over a shared LAN, what a surprise, other people on
the LAN can mess with you...

Guess what, if others can send ARP packets to your machines then
screwing with your storage is the least of your worries; they will
have no problem passively sniffing all your network data as well.


Attachment: signature.asc
Description: Digital signature

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.