Story #1826

Hazelcast communications are insecure

Added by Robert Waltz over 12 years ago. Updated over 11 years ago.

Status: Closed
Priority: Normal
Assignee: Chris Brumgard
Category: Documentation
Target version: -
Start date:
Due date:
% Done: 100%
Story Points:
Sprint:

Description

Due to restrictions of the Hazelcast client, Hazelcast is sending all communications in clear text.

We need to tunnel communications via secure VPN from one machine to the next. I hope all the machines are built with a base system using Linux!

We will require a dedicated network interface on each machine. Each network interface will have a corresponding virtual interface on each VM communicating via Hazelcast. Hazelcast will be configured to communicate directly to the interface as specified on the VM for communications.

The overhead of encryption will be performed by the base operating system instead of by each VM on the interface device forming the Hazelcast backbone comm channel between DataONE machines.


Subtasks

Task #2055: Add iptables rules to restrict HZ port access to CNS (Closed, Chris Jones)


Related issues

Related to Infrastructure - Story #1189: Secure transport for all DataONE services Closed

History

#1 Updated by Dave Vieglais over 12 years ago

  • Position set to 24
  • Target version changed from Sprint-2011.42-Block.6 to Sprint-2011.44-Block.6

#2 Updated by Dave Vieglais over 12 years ago

  • Assignee changed from Robert Waltz to Nicholas Dexter

#3 Updated by Dave Vieglais over 12 years ago

  • Target version changed from Sprint-2011.44-Block.6 to Sprint-2011.45-Block.6
  • Position set to 1
  • Position deleted (33)

#4 Updated by Dave Vieglais over 12 years ago

  • Position deleted (12)
  • Position set to 10
  • Target version changed from Sprint-2011.45-Block.6 to Sprint-2011.46-Block.6

#5 Updated by Dave Vieglais over 12 years ago

  • Position deleted (24)
  • Position changed from 1 to 317
  • Position set to 1
  • Target version changed from Sprint-2011.46-Block.6 to Sprint-2011.48-Block.6

#6 Updated by Dave Vieglais over 12 years ago

  • Position deleted (320)
  • Position set to 328
  • Target version changed from Sprint-2011.48-Block.6 to Sprint-2011.49-Block.6

#7 Updated by Dave Vieglais over 12 years ago

  • Target version changed from Sprint-2011.49-Block.6 to Sprint-2012.01-Block.1.1
  • Position deleted (328)
  • Position set to 1

#8 Updated by Dave Vieglais over 12 years ago

  • Position deleted (42)
  • Position changed from 1 to 350
  • Position set to 1
  • Target version changed from Sprint-2012.01-Block.1.1 to Sprint-2012.03-Block.1.2

#9 Updated by Dave Vieglais over 12 years ago

  • Position deleted (350)
  • Position set to 1
  • Target version changed from Sprint-2012.03-Block.1.2 to Sprint-2012.07-Block.1.4

#10 Updated by Dave Vieglais about 12 years ago

  • Position deleted (40)
  • Position set to 25
  • Target version changed from Sprint-2012.07-Block.1.4 to Sprint-2012.09-Block.2.1

#11 Updated by Dave Vieglais about 12 years ago

  • Position deleted (65)
  • Position set to 7
  • Target version changed from Sprint-2012.09-Block.2.1 to Sprint-2012.11-Block.2.2

#12 Updated by Dave Vieglais about 12 years ago

  • Milestone changed from CCI-0.6.4 to CCI-1.0.0
  • Target version deleted (Sprint-2012.11-Block.2.2)

Moving to backlog.

Likely to be fulfilled by VPN for inter-CN traffic. IP restrictions are adequate for now.

#13 Updated by Robert Waltz over 11 years ago

  • Assignee changed from Nicholas Dexter to Chris Brumgard

#14 Updated by Chris Brumgard over 11 years ago

  • Status changed from New to In Progress

Discussing the feasibility of running open VPN on the host boxes with OIT.

#15 Updated by Chris Brumgard over 11 years ago

  • Status changed from In Progress to Closed
