5.2. Securing Node Communication in the Storage Cluster
A storage cluster can contain three types of servers:
- MDS servers
- chunk servers
- clients
During cluster operation, the servers communicate with each other. To secure their communication, you should keep all servers on an isolated internal network.
The process of deploying such a setup is as follows:
1. Create the storage cluster by making the MDS server and specifying one of its IP addresses:
   # vstorage -c Cluster-Name make-mds -I -a MDS-IP-Address -r Journal-Directory -p
   The specified address will then be used for MDS interconnection and for communication with the other servers in the cluster.
2. Set up a chunk server:
   # vstorage -c Cluster-Name make-cs -r CS-Directory
   Once it is created, the chunk server connects to the MDS server and binds to the IP address it uses to establish the connection. If the chunk server has several network cards, you can explicitly assign the chunk server to the IP address of a specific network card so that all communication between the chunk and MDS servers is carried out via this IP address.
   To bind a chunk server to a custom IP address, pass the -a option to the vstorage make-cs command when you create the chunk server:
   # vstorage make-cs -r CS-Directory -a Custom-IP-Address
   Note: A custom IP address must belong to the BackNet; otherwise, cluster security is compromised.
3. Mount the cluster on the client:
   # vstorage-mount -c Cluster-Name Mount-Directory
   Once the cluster is mounted, the client connects to the MDS and chunk server IP addresses.
This example configuration provides a high level of security for server communication because the MDS server, the chunk server, and the client are all located on the isolated internal network and cannot be reached from outside it.
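As an added example that is not part of this documentation or of Virtuozzo Storage itself, the following POSIX shell script enforces the note above: it prints the vstorage make-cs command only when the custom address lies inside the BackNet subnet, and refuses any address outside it. The BackNet range 10.20.0.0/16 and the directory /vstorage/cs1 are assumed, constructed values.

```shell
#!/bin/sh
# Added example, not Virtuozzo Storage code: refuse to build a "make-cs -a"
# command unless the custom address is inside the BackNet.
# BACKNET_CIDR is an assumed value; set it to your real BackNet range.
BACKNET_CIDR="${BACKNET_CIDR:-10.20.0.0/16}"

# valid_ipv4 A.B.C.D -> 0 if four decimal octets in 0..255, 1 otherwise
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0|[1-9]*) ;; *) return 1 ;; esac   # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
}

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP NET/BITS -> 0 if IP is inside the subnet, 1 otherwise
in_subnet() {
    net=${2%/*}; bits=${2#*/}
    valid_ipv4 "$1" && valid_ipv4 "$net" || return 1
    [ "$bits" -ge 0 ] && [ "$bits" -le 32 ] || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# make_cs_cmd CS-Directory Custom-IP -> prints the vstorage command, or
# prints nothing and returns 1 when Custom-IP is outside the BackNet.
make_cs_cmd() {
    if ! in_subnet "$2" "$BACKNET_CIDR"; then
        echo "refusing: $2 is not inside BackNet $BACKNET_CIDR" >&2
        return 1
    fi
    echo "vstorage make-cs -r $1 -a $2"
}
# Usage on the chunk server: eval "$(make_cs_cmd /vstorage/cs1 10.20.1.5)"
```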