[LU-15582] RFI for lustre encryption Created: 22/Feb/22 Updated: 28/Feb/22 |
|
| Status: | Open |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.12.8 |
| Fix Version/s: | None |
| Type: | Story | Priority: | Major |
| Reporter: | Ryan Seal | Assignee: | Sebastien Buisson |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Environment: |
RHEL 7 |
||
| Rank (Obsolete): | 9223372036854775807 |
| Description |
|
We are running a lustre cluster and have been requested to determine if communications between clients and servers is encrypted. Requesting assistance in determining with if our client and servers lustre communications is encrypted. |
| Comments |
| Comment by Peter Jones [ 22/Feb/22 ] |
|
Sébastien Could you please talk to the options in this area, both in 2.12.x and more current releases Thanks Peter |
| Comment by Sebastien Buisson [ 28/Feb/22 ] |
|
Hi Ryan, In Lustre 2.12, you have two options to get the client/server communications encrypted:
In Lustre 2.14/2.15, you get one more option thanks to the client-side encryption feature. Its purpose is to protect data at rest, but as it is implemented on Lustre client side, most of the traffic between clients and servers gets encrypted when accessing an encrypted directory. Please note that some information remains unencrypted even for encrypted files, such as timestamps, access rights, file owner, extended attributes, but depending on your use case it might be fine. Please let me know if you need more information. |