[chef] Re: Re: network encryption between hosts


  • From: Adam Greene < >
  • To:
  • Subject: [chef] Re: Re: network encryption between hosts
  • Date: Wed, 23 Nov 2011 10:53:58 -0800

yes; we are using VPC...but the connections between instances aren't encrypted.  They use some really nice firewall features (at VM and network level) to route and shape traffic, some of which we can control, but it isn't encrypted.  Configuration errors at the Amazon or individual level can expose data to other customers (the Netflix instance from a month ago was the most widely publicized, but it is fairly common, or so I understand).

we also have to support RackSpace, where the network doesn't seem to be as tightly controlled as amazon's VPC.

so the root problem still stands (I think! ;) ): adding a layer of protection on top of a network that is multi-tenant and not in our direct control.

-- 
Adam Greene
SweetSpot -- Diabetes Management, Simplified

http://www.SweetSpotDiabetes.com
ph: 503.893.2448 | cell: 503.784.2104 | fax: 888.893.6029

On Wednesday, November 23, 2011 at 10:48 AM, Aaron Abramson wrote:

If the desire is to ensure that communications between instances are secure, have you given any thoughts to leveraging Amazon's VPC? At least for that portion of it?


On Nov 23, 2011, at 12:13 PM, Adam Greene wrote:

hey folks,

we are looking to provide host-to-host encryption between every instance that resides on our network. We've been looking at a few different options (OpenSwan, OpenVPN, NeoRouter, or stunnel), and I'm curious if anyone has any experience that they would be willing to share.

The primary goal is to protect the data moving between systems on virtualized resources (i.e., EC2 and Rackspace). The primary goal is not focused on being able to quickly lock out an ex-employee or provide a controlled access point from work into the cloud. And I am aware of how EC2 controls network traffic (active packet switching, network ACLs, security groups, etc.). But we want to add another layer of encryption which we control and which is on top of what is, even if done well, an untrusted network.

So the initial focus was on host-to-host (which scratches OpenVPN) at the sysconfig level. But each instance will need to be connected to 6-12 different hosts at any given time (each has monitoring, metric gathering, and syslog, and then depending on the role, might have connections to multiple datastores, etc.).

We are also exploring moving it up into the application stack and for the connections which cannot be encrypted (web proxy to app roles, app roles to some datastores) wrapping those connections in stunnel.

What makes this interesting is the power that Chef search can bring to the table with configuration management and whatnot. So while something like stunnel sounds silly when managing hundreds of host-to-host connections, we are taking a look at it because of Chef.

Anyway, just throwing out a general question to see what people's experiences have been and if chef changes how they approach an issue such as this.

thanks!
adam
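The stunnel-plus-Chef-search idea from the original post, as an added example that is not part of the thread or of SweetSpot's cookbooks: a plain Ruby function that turns node records shaped like Chef search results into a client-side stunnel.conf, one stanza per peer service, with mutual certificate verification turned on. The node attribute names, role names, ports and certificate paths are constructed assumptions.

```ruby
# Constructed stand-in for what `search(:node, "role:syslog OR role:metrics OR
# role:postgres")` might return, reduced to the fields the template needs.
SAMPLE_PEERS = [
  { 'name' => 'syslog01',   'ipaddress' => '10.0.1.10', 'roles' => ['syslog'] },
  { 'name' => 'graphite01', 'ipaddress' => '10.0.1.20', 'roles' => ['metrics'] },
  { 'name' => 'db01',       'ipaddress' => '10.0.2.5',  'roles' => ['postgres'] },
  { 'name' => 'db02',       'ipaddress' => '10.0.2.6',  'roles' => ['postgres'] },
  { 'name' => 'web01',      'ipaddress' => '10.0.3.7',  'roles' => ['web'] },
].freeze

# Remote plaintext port per role and the first loopback port handed to local
# clients. Roles absent from this map (here 'web') get no tunnel. Assumed values.
SERVICE_MAP = {
  'syslog'   => { remote: 6514, local_base: 16514 },
  'metrics'  => { remote: 2003, local_base: 12003 },
  'postgres' => { remote: 5432, local_base: 15432 },
}.freeze

# Returns [config_string, bindings]; bindings maps "peer/role" to the loopback
# port an application on this host should connect to instead of the remote
# plaintext port. Several peers of one role get consecutive loopback ports so
# two stanzas never collide on the same `accept` address.
def stunnel_client_conf(peers, service_map, ca_file: '/etc/stunnel/ca.pem',
                        cert_file: '/etc/stunnel/client.pem')
  next_local = service_map.transform_values { |svc| svc[:local_base] }
  bindings = {}
  stanzas = []
  peers.each do |peer|
    peer['roles'].each do |role|
      svc = service_map[role] or next         # unmapped roles are skipped
      port = next_local[role]
      next_local[role] += 1
      bindings["#{peer['name']}/#{role}"] = port
      stanzas << <<~STANZA
        [#{role}-#{peer['name']}]
        accept  = 127.0.0.1:#{port}
        connect = #{peer['ipaddress']}:#{svc[:remote]}
      STANZA
    end
  end
  # verify = 2 makes stunnel reject peers whose certificate does not chain to
  # CAfile; cert presents this host's own certificate for mutual authentication.
  header = <<~HEADER
    ; generated from Chef search results; do not edit by hand
    client  = yes
    verify  = 2
    CAfile  = #{ca_file}
    cert    = #{cert_file}
  HEADER
  [header + "\n" + stanzas.join("\n"), bindings]
end
```

In a real cookbook the same function body would sit behind a `template` resource, re-rendered on every Chef run so that a new datastore node appears in the tunnel config without anyone editing stunnel.conf by hand.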




Archive powered by MHonArc 2.6.16.
