5.2. Securing Server Communication in Clusters
A Virtuozzo Storage cluster can contain three types of servers:
- MDS servers
- chunk servers
- clients
During cluster operation, the servers communicate with each other. To secure their communication, you should keep all servers on an isolated private network—BackNet. The figure below shows an example cluster configuration where all servers are set up on the BackNet.
The process of deploying such a configuration can be described as follows:
1. You create the cluster by making the MDS server and specifying one of its IP addresses:

    # vstorage -c Cluster-Name make-mds -I -a MDS-IP-Address -r Journal-Directory -p

   The specified address will then be used for MDS interconnection and for communication with the other servers in the cluster.

2. You set up a chunk server:

    # vstorage -c Cluster-Name make-cs -r CS-Directory

   Once it is created, the chunk server connects to the MDS server and binds to the IP address it uses to establish the connection. If the chunk server has several network cards, you can explicitly assign the chunk server to the IP address of a specific network card so that all communication between the chunk and MDS servers is carried out via this IP address.

   To bind a chunk server to a custom IP address, you pass the -a option to the vstorage make-cs command when you create the chunk server:

    # vstorage make-cs -r CS-Directory -a Custom-IP-Address

   To avoid compromising your cluster security, the custom IP address must belong to the BackNet.

3. You mount the cluster on the client:

    # vstorage-mount -c Cluster-Name Mount-Directory

   Once the cluster is mounted, the client connects to the MDS and chunk server IP addresses.
This example configuration provides a high level of security for server communication because the MDS server, the chunk server, and the client are located on the isolated BackNet and cannot be compromised.
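A pre-flight check for the rule that a custom IP address must belong to the BackNet, added here as an example and not part of the Virtuozzo documentation or tooling. The subnet 10.30.0.0/16, the directory /vstorage/demo-cs and the function names are assumptions; the script only prints the make-cs command and never runs vstorage.

```shell
#!/bin/sh
# Added example (not Virtuozzo code): check an address against the BackNet
# before using it with "vstorage make-cs -a".
# ASSUMPTION: 10.30.0.0/16 is a constructed BackNet subnet; set your own.
BACKNET_CIDR="${BACKNET_CIDR:-10.30.0.0/16}"

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -z "$rest" ] || return 1
    for o in "$o1" "$o2" "$o3" "$o4"; do
        # Reject empty, non-numeric and zero-padded (octal-looking) octets.
        case "$o" in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# Succeed only if address $1 lies inside BACKNET_CIDR.
in_backnet() {
    bn_net=${BACKNET_CIDR%/*}
    bn_bits=${BACKNET_CIDR#*/}
    case "$bn_bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bn_bits" -le 32 ] || return 1
    bn_ip=$(ip_to_int "$1") || return 1
    bn_base=$(ip_to_int "$bn_net") || return 1
    # Network mask for the prefix length, limited to 32 bits.
    bn_mask=$(( (4294967295 << (32 - bn_bits)) & 4294967295 ))
    [ $(( bn_ip & bn_mask )) -eq $(( bn_base & bn_mask )) ]
}

# Print the make-cs command for directory $1 and address $2, or refuse.
make_cs_command() {
    if in_backnet "$2"; then
        printf 'vstorage make-cs -r %s -a %s\n' "$1" "$2"
    else
        printf 'refusing: %s is not in BackNet %s\n' "$2" "$BACKNET_CIDR" >&2
        return 1
    fi
}

# Constructed sample input: a chunk server directory and a BackNet address.
make_cs_command /vstorage/demo-cs 10.30.1.5
```

Zero-padded octets are rejected on purpose, because some tools read them as octal and would resolve them to a different address than the one checked.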