[cgl_discussion] Security for internal messaging between different nodes of the cl uster?

Eric.Chacron at alcatel.fr Eric.Chacron at alcatel.fr
Mon Feb 3 07:37:11 PST 2003


Markan,

I think we must secure the system against paranoia too.
In another words i doesn't think internal cluster com. have to be
encrypted, excepted if this has
no significant performance cost.

Eric




"Makan Pourzandi (LMC)" <Makan.Pourzandi at ericsson.ca>@lists.osdl.org on
01/31/2003 08:59:16 PM

Sent by:  cgl_discussion-admin at lists.osdl.org


To:   "Cgl_Discussion (E-mail)" <cgl_discussion at osdl.org>, "CGL Specs-sg
      (E-mail)" <cgl_specs at osdl.org>
cc:
Subject:  [cgl_discussion] Security for internal messaging between
      different nodes of the cl uster?




Hi all,

Context:
We have a carrier-grade server that consists of multiple nodes with LAN
between nodes (LAN has been chosen to simplify the discussion, the
interconnection between nodes can be of any kind: Ethernet switches,
fiber,...).

Generally, one supposes that the server is in a trusted environment,
(i.e.; the server is behind one or several firewalls, and is protected
from intrusions). In reality, the spread of all viruses and Trojans
shows that firewalls are not enough to secure the whole network
(c.f. more precisely the propagation of viruses inside intranets of
different companies despite that those intranets are behind
firewalls).

Question:
1) Do we need to support any security mechanism for the internal messaging
between different nodes inside the kernel?

2) Do we need to support confidentiality or integrity for messages
exchanged
inside the cluster?

Remark that the fact that we support this does not mean that we want to use
them upon all messages exchanged. We can choose not to encrypt/authenticate
all or part of messages when the cluster is heavily loaded to avoid loss in
performances.

Also, clearly not all communications must be protected, for example I don't
believe that we need to protect heart beat messages.

 I personally believe that even if we do not support encrypted messaging
inside
the cluster at least we want to be able to guarantee integrity for some
communications
inside the cluster (for example, to be able to protect some
requests/commands
through the control panel).

Any comments?

Thank you,
Makan







More information about the cgl_discussion mailing list