My environment:
- K8S 1.9.x
- OpenEBS 0.6
I am using 5 VMs for my worker nodes and many disks are attached to them. I want persistent storage for running Kafka and MongoDB apps. I am looking for encryption at rest at the storage level instead of encryption at the container level. Does OpenEBS support encryption at rest?
An alternate solution for providing encryption at rest, pointed out on the OpenEBS Slack channel, was to use LUKS in your host operating system to encrypt the volumes you want encrypted at rest. Example tutorial for CentOS: https://wiki.centos.org/HowTos/EncryptedFilesystem
Currently OpenEBS does not support encryption at rest.
Related
I am trying to enable SSE with a Customer-Managed CMK in my production Redshift cluster to follow certain security protocols.
For POC purposes, I spun up a 1 Node dc2.large Redshift cluster and following this doc, I was able to enable SSE.
However, my question is, does enabling SSE encrypt the existing data in the cluster? If not, what steps should be taken?
Overall what are the downsides, if any, of enabling encryption at rest in a production Redshift cluster and what are the best practices?
There is no need to change anything in your code or existing pipelines/processes. This is disk encryption. It has nothing to do with your database connections or code.
To know more about the process, read these links.
https://aws.amazon.com/about-aws/whats-new/2018/10/encrypt-amazon-redshift-1-click/
https://docs.aws.amazon.com/redshift/latest/mgmt/changing-cluster-encryption.html
I am referring to the line: "You can use any standard key tools or Corda's X509Utilities (which uses Bouncy Castle) to create the required public/private keypairs and certificates." (from https://docs.corda.net/docs/corda-os/3.1/permissioning.html#creating-the-root-and-doorman-cas)
To your questions, you will now need a PKI tool to create the required public/private keypairs and certificates.
However, if I am not mistaken, you are trying to build a private Corda network. Corda 4.5 currently offers 2 toolsets to start a network.
Corda network bootstrapper here. This is a non-production-level quick PoC tool, and there is no doorman involved in this toolset. So you actually do not need to worry about the keypair and CA stuff.
Corda Enterprise Network Manager here. This is a production-level toolset, which offers you the ability to set up your network, including the keys and CAs.
You are referring to the documentation for Corda 3.1 and now we are on Corda 4.5. We highly suggest you always follow the latest documentation, as the code implementation might vary from version to version.
I have a .NET client (using Confluent .NET Kafka) as a consumer on a Kafka topic. Now I want to encrypt the traffic. I am looking for a lightweight solution to do it. Any experience? Shall I stick with SSL?
Beware that you might encrypt the traffic, but data at rest will not be encrypted in Kafka. The only way to actually encrypt the messages is doing that on the client side.
There are some higher-level libraries that will do that for you. For example Silverback (my library): https://silverback-messaging.net/concepts/broker/encryption.html
TLS should work fine. Otherwise you'd write your own Serializer / Deserializer classes to do encryption.
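A sketch of the custom serializer/deserializer approach mentioned in the answers above, added here as an illustration; it is not part of the original answers and is not Silverback's or Confluent's code. The class name, the wire layout (nonce, then tag, then ciphertext) and the use of the topic name as associated data are assumptions of this example, and key loading and rotation are left to the caller.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Confluent.Kafka;

// Hypothetical class: AES-256-GCM encryption of string message values.
// Wire format (assumed for this example): nonce(12) || tag(16) || ciphertext.
public sealed class AesGcmStringSerde : ISerializer<string>, IDeserializer<string>
{
    private const int NonceSize = 12;
    private const int TagSize = 16;
    private readonly byte[] _key; // 32 bytes, supplied by the caller from a secret store

    public AesGcmStringSerde(byte[] key)
    {
        if (key is null || key.Length != 32)
            throw new ArgumentException("AES-256 key must be 32 bytes", nameof(key));
        _key = key;
    }

    public byte[] Serialize(string data, SerializationContext context)
    {
        if (data is null) return null; // keep null values (tombstones) as null
        byte[] plaintext = Encoding.UTF8.GetBytes(data);
        byte[] output = new byte[NonceSize + TagSize + plaintext.Length];
        Span<byte> nonce = output.AsSpan(0, NonceSize);
        RandomNumberGenerator.Fill(nonce); // fresh random nonce for every message
        // Topic name as associated data: a record copied to another topic fails authentication.
        byte[] aad = Encoding.UTF8.GetBytes(context.Topic ?? string.Empty);
        using var aes = new AesGcm(_key); // .NET 8+ prefers the overload that also takes the tag size
        aes.Encrypt(nonce, plaintext, output.AsSpan(NonceSize + TagSize),
                    output.AsSpan(NonceSize, TagSize), aad);
        return output;
    }

    public string Deserialize(ReadOnlySpan<byte> data, bool isNull, SerializationContext context)
    {
        if (isNull) return null;
        if (data.Length < NonceSize + TagSize)
            throw new CryptographicException("Record too short to be an encrypted message");
        byte[] plaintext = new byte[data.Length - NonceSize - TagSize];
        byte[] aad = Encoding.UTF8.GetBytes(context.Topic ?? string.Empty);
        using var aes = new AesGcm(_key);
        // Throws CryptographicException if the key, the topic or any byte of the record differs.
        aes.Decrypt(data.Slice(0, NonceSize), data.Slice(NonceSize + TagSize),
                    data.Slice(NonceSize, TagSize), plaintext, aad);
        return Encoding.UTF8.GetString(plaintext);
    }
}
```

An instance is passed to `ProducerBuilder<TKey, string>.SetValueSerializer` and `ConsumerBuilder<TKey, string>.SetValueDeserializer`. Message keys, headers and topic names remain in clear text on the broker, so this complements TLS on the connection rather than replacing it.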
Does anyone know if the base Connect:Direct protocol (used between two IBM Sterling Secure Proxy instances) supports encryption? Or do you need to enable the Secure+ extension to obtain this feature?
Thanks,
Ranjit
Connect Direct itself is secure, as no node without the right information (IP AND NODE NAME) can access it.
However, the security for data streamed en route should be done using Secure Plus, which involves certificates. Implementing it would be a viable solution so long as traffic passes over the internet and different datacenters.
In the documentation of OrientDB it is mentioned that encryption at rest is not supported on the remote protocol yet. It can be used only with plocal.
Currently we are using OrientDB version 2.2.22. Database encryption is mandatory for us. We were previously using OrientDB in plocal mode, but now we have a new requirement in which multiple processes from different JVMs need to connect to the same OrientDB database, which is not possible in plocal mode.
Is there any way we can achieve it? Is there any workaround? Is this feature going to be supported in upcoming releases?
If you start your server and provide the key at startup, from that point on, the database is accessible via remote. So it would work. I suggest encrypting the TCP/IP connection too at that point.
No, it cannot currently be done:
NOTE: Encryption at rest is not supported on remote protocol yet. It can be used only with plocal.
Given your new requirements, it seems like OrientDB is not the right choice for you anymore.