[ClusterLabs] Question regarding the security of corosync

Antony Stone Antony.Stone at ha.open.source.it
Tue Jun 21 19:27:25 EDT 2022


On Friday 17 June 2022 at 11:39:14, Mario Freytag wrote:

> I’d like to ask about the security of corosync. We’re using a Proxmox HA
> setup in our testing environment and need to confirm it’s compliance with
> PCI guidelines.
> 
> We have a few questions:
> 
> Is the communication encrypted?
> What method of encryption is used?
> What method of authentication is used?
> What is the recommended way of separation for the corosync network? VLAN?

Your first three questions are probably well-answered by 
https://github.com/fghaas/corosync/blob/master/SECURITY

For the fourth, I agree with Jan Friesse - a dedicated physical network is 
best; a dedicated VLAN is second best.


Antony.

-- 
There's no such thing as bad weather - only the wrong clothes.

 - Billy Connolly

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the Users mailing list