Story #1826
Hazelcast communications are insecure
100%
Description
Due to restrictions of the Hazelcast client, Hazelcast is sending all communications in clear text.
We need to tunnel communications via secure VPN from one machine to the next. I hope all the machines are built with a base system using Linux!
We will require a dedicated network interface on each machine. Each network interface will have a corresponding virtual interface on each VM communicating via Hazelcast. Hazelcast will be configured to communicate directly to the interface as specified on the VM for communications.
The overhead of encryption will be performed by the base operating system instead of by each VM on the interface device forming the hazelcast backbone comm channel between DataONE machines.
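An added example, not from the ticket or from DataONE's code: a Python check that a `hazelcast.xml` pins Hazelcast to the tunnel interface as the description proposes, so cluster traffic cannot leave over a cleartext interface. The 10.8.0.0/24 tunnel subnet and both sample configs are constructed assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")  # assumed VPN subnet, not from the ticket

def _local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any

def pattern_within(pattern, net):
    """True if every address matched by a Hazelcast interface pattern
    (for example 10.8.0.* or 10.8.0.2-9) lies inside net."""
    parts = pattern.strip().split(".")
    if len(parts) != 4:
        return False  # hostnames and malformed values cannot be verified
    try:
        lo, hi = [], []
        for p in parts:
            a, _, b = ("0", "-", "255") if p == "*" else p.partition("-")
            lo.append(str(int(a)))
            hi.append(str(int(b or a)))
        # A CIDR block is contiguous, so checking both extremes is enough.
        return all(ipaddress.ip_address(".".join(x)) in net for x in (lo, hi))
    except ValueError:
        return False

def audit(xml_text, net=TUNNEL_NET):
    """Return a list of findings; an empty list means the config is pinned to net."""
    findings, by_name = [], {}
    for el in ET.fromstring(xml_text).iter():
        by_name.setdefault(_local(el), []).append(el)
    # With <interfaces> disabled or empty, Hazelcast picks the bind address itself.
    if not any(i.get("enabled") == "true" and len(i) for i in by_name.get("interfaces", [])):
        findings.append("interfaces not enabled: bind address is not pinned")
    for el in by_name.get("interface", []):
        if not pattern_within(el.text or "", net):
            findings.append(f"interface {el.text!r} is not inside {net}")
    for el in by_name.get("member", []):
        host = (el.text or "").strip().rsplit(":", 1)[0]  # strip optional :port
        if not pattern_within(host, net):
            findings.append(f"member {el.text!r} is not provably inside {net}")
    return findings

# Constructed sample configs: WEAK binds to a LAN range, PINNED to the tunnel.
WEAK = """<hazelcast><network><interfaces enabled="false"><interface>192.168.1.*</interface>
</interfaces><join><tcp-ip enabled="true"><member>192.168.1.10:5701</member></tcp-ip></join>
</network></hazelcast>"""
PINNED = """<hazelcast xmlns="http://www.hazelcast.com/schema/config"><network>
<interfaces enabled="true"><interface>10.8.0.*</interface></interfaces><join>
<tcp-ip enabled="true"><member>10.8.0.2:5701</member><member>10.8.0.3</member></tcp-ip>
</join></network></hazelcast>"""

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("PINNED", PINNED)):
        print(name, audit(cfg) or "ok")
```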
History
#1 Updated by Dave Vieglais about 13 years ago
- Position set to 24
- Target version changed from Sprint-2011.42-Block.6 to Sprint-2011.44-Block.6
#2 Updated by Dave Vieglais about 13 years ago
- Assignee changed from Robert Waltz to Nicholas Dexter
#3 Updated by Dave Vieglais about 13 years ago
- Target version changed from Sprint-2011.44-Block.6 to Sprint-2011.45-Block.6
- Position set to 1
- Position deleted (33)
#4 Updated by Dave Vieglais about 13 years ago
- Position deleted (12)
- Position set to 10
- Target version changed from Sprint-2011.45-Block.6 to Sprint-2011.46-Block.6
#5 Updated by Dave Vieglais about 13 years ago
- Position deleted (24)
- Position changed from 1 to 317
- Position set to 1
- Target version changed from Sprint-2011.46-Block.6 to Sprint-2011.48-Block.6
#6 Updated by Dave Vieglais about 13 years ago
- Position deleted (320)
- Position set to 328
- Target version changed from Sprint-2011.48-Block.6 to Sprint-2011.49-Block.6
#7 Updated by Dave Vieglais about 13 years ago
- Target version changed from Sprint-2011.49-Block.6 to Sprint-2012.01-Block.1.1
- Position deleted (328)
- Position set to 1
#8 Updated by Dave Vieglais almost 13 years ago
- Position deleted (42)
- Position changed from 1 to 350
- Position set to 1
- Target version changed from Sprint-2012.01-Block.1.1 to Sprint-2012.03-Block.1.2
#9 Updated by Dave Vieglais almost 13 years ago
- Position deleted (350)
- Position set to 1
- Target version changed from Sprint-2012.03-Block.1.2 to Sprint-2012.07-Block.1.4
#10 Updated by Dave Vieglais almost 13 years ago
- Position deleted (40)
- Position set to 25
- Target version changed from Sprint-2012.07-Block.1.4 to Sprint-2012.09-Block.2.1
#11 Updated by Dave Vieglais almost 13 years ago
- Position deleted (65)
- Position set to 7
- Target version changed from Sprint-2012.09-Block.2.1 to Sprint-2012.11-Block.2.2
#12 Updated by Dave Vieglais over 12 years ago
- Milestone changed from CCI-0.6.4 to CCI-1.0.0
- Target version deleted (Sprint-2012.11-Block.2.2)
Moving to backlog.
Likely to be fulfilled by VPN for inter-CN traffic. IP restrictions are adequate for now.
#13 Updated by Robert Waltz over 12 years ago
- Assignee changed from Nicholas Dexter to Chris Brumgard
#14 Updated by Chris Brumgard about 12 years ago
- Status changed from New to In Progress
Discussing the feasibility of running OpenVPN on the host boxes with OIT.
#15 Updated by Chris Brumgard about 12 years ago
- Status changed from In Progress to Closed