
Re: [Xen-users] aoe security


  • To: xen-users@xxxxxxxxxxxxxxxxxxx
  • From: Andy Smith <andy@xxxxxxxxxxxxxx>
  • Date: Mon, 3 Sep 2007 03:16:06 +0000
  • Delivery-date: Sun, 02 Sep 2007 20:16:29 -0700
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
  • Openpgp: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc

Hi,

On Sun, Sep 02, 2007 at 05:43:02PM -0600, Steven wrote:
> I've built a mini lab using 2 raid 10 file servers with drbd/HA, LVM and 
> vblade mini servers for making domU available to xen servers (dom0).
> It works like a charm and I wish I could deploy it but there is one 
> single issue which makes me quite uncomfortable to use as is: aoe security.

If all your storage traffic is going over a network unencrypted,
isn't it fairly obvious that all your security rests with the
infrastructure?  i.e. do it over a network segment that is used
only by you, for storage.

If you do AOE over a shared LAN, what a surprise, other people on
the LAN can mess with you...

Guess what, if others can send ARP packets to your machines then
screwing with your storage is the least of your worries; they will
have no problem passively sniffing all your network data as well.

Cheers,
Andy
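
Added example, not part of the original message: a passive check, in the spirit of the advice above, that flags AoE frames (EtherType 0x88A2) seen off the dedicated storage segment or coming from a MAC that is not a known storage peer. The interface names (eth0 shared, eth1 storage), the MAC addresses and the sample frames are constructed for illustration.

```python
import struct

AOE_ETHERTYPE = 0x88A2  # EtherType assigned to ATA over Ethernet
COMMANDS = {0: "ATA", 1: "QueryConfig"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_aoe(frame):
    """Return the AoE header fields of an Ethernet frame, or None if not AoE."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip a single 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != AOE_ETHERTYPE or len(frame) < off + 10:
        return None
    ver_flags, _err, major, minor, cmd, _tag = struct.unpack("!BBHBBI", frame[off:off + 10])
    return {"src": mac(frame[6:12]), "dst": mac(frame[0:6]),
            "response": bool(ver_flags & 0x08), "shelf": major, "slot": minor,
            "command": COMMANDS.get(cmd, f"0x{cmd:02x}")}

def audit(frames, storage_ifaces, known_macs):
    """Flag AoE seen off the storage segment or from a MAC not on the allowlist.
    Source MACs are unauthenticated, so this is a tripwire, not access control."""
    findings = []
    for iface, frame in frames:
        aoe = parse_aoe(frame)
        if aoe is None:
            continue
        if iface not in storage_ifaces:
            findings.append((iface, aoe["src"], "AoE outside storage segment"))
        elif aoe["src"] not in known_macs:
            findings.append((iface, aoe["src"], "AoE from unknown MAC"))
    return findings

def build(src, dst, ethertype=AOE_ETHERTYPE, cmd=0):
    """Construct a sample frame (version 1, shelf 0, slot 1, tag 1)."""
    hdr = struct.pack("!BBHBBI", 0x10, 0, 0, 1, cmd, 1)
    return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", ethertype) + hdr

# Constructed sample capture: (interface, raw frame). All addresses are made up.
DOM0, TARGET, OTHER = "020000000001", "020000000002", "020000000099"
SAMPLE = [("eth1", build(DOM0, TARGET)), ("eth1", build(OTHER, TARGET, cmd=1)),
          ("eth0", build(DOM0, TARGET)), ("eth0", build(OTHER, TARGET, ethertype=0x0806))]

if __name__ == "__main__":
    for f in audit(SAMPLE, {"eth1"}, {mac(bytes.fromhex(m)) for m in (DOM0, TARGET)}):
        print(*f)
```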
