6.2. Securing Server Communication in the Cluster
A Virtuozzo Storage cluster can contain three types of servers:
During cluster operation, the servers communicate with each other. To secure their communication, you should keep all servers on an isolated private network—BackNet. The figure below shows an example cluster configuration where all servers are set up on the BackNet.
The process of deploying such a configuration can be described as follows:
Create the cluster by making the MDS server and specifying one of its IP addresses:
# vstorage -c Cluster-Name make-mds -I -a MDS-IP-Address -r Journal-Directory -p
The specified address will then be used for MDS interconnection and intercommunication with the other servers in the cluster.
Set up a chunk server:
# vstorage -c Cluster-Name make-cs -r CS-Directory
Once it is created, the chunk server connects to the MDS server and binds to the IP address it uses to establish the connection. If the chunk server has several network cards, you can explicitly assign the chunk server to the IP address of a specific network card so that all communication between the chunk and MDS servers is carried out via this IP address.
To bind a chunk server to a custom IP address, pass the -a option to the vstorage make-cs command when you create the chunk server:
# vstorage make-cs -r CS-Directory -a Custom-IP-Address
To avoid compromising your cluster security, the custom IP address must belong to the BackNet.
Mount the cluster on the client:
# vstorage-mount -c Cluster-Name Mount-Directory
Once the cluster is mounted, the client connects to the MDS and chunk server IP addresses.
This example configuration provides a high level of security for server communication because the MDS server, the chunk server, and the client are located on the isolated BackNet and cannot be compromised.
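The requirement that a chunk server's custom IP address belong to the BackNet can be checked before the make-cs command is run. The following POSIX shell sketch is an added example, not part of the Virtuozzo documentation or tooling; the BACKNET_CIDR value, the helper function names, and the sample directory are assumptions made for illustration.

```shell
# Pre-flight check for `vstorage make-cs -a`: only accept a BackNet address.
# BACKNET_CIDR is a constructed sample value; set it to your own BackNet subnet.
BACKNET_CIDR="${BACKNET_CIDR:-10.30.0.0/16}"

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    n=0
    for o in "$@"; do
        [ ${#o} -le 3 ] || exit 1
        o=${o#0}; o=${o#0}          # drop leading zeros so "010" is not octal
        [ "${o:-0}" -le 255 ] || exit 1
        n=$(( (n << 8) | ${o:-0} ))
    done
    echo "$n"
)

# Succeed only if address $1 lies inside CIDR block $2 (for example 10.30.0.0/16).
ip_in_cidr() (
    case $2 in */*) ;; *) exit 1 ;; esac
    bits=${2#*/}
    case $bits in ''|*[!0-9]*) exit 1 ;; esac
    [ ${#bits} -le 2 ] && [ "$bits" -le 32 ] || exit 1
    b=${bits#0}; b=${b:-0}
    addr=$(ip_to_int "$1") || exit 1
    net=$(ip_to_int "${2%/*}") || exit 1
    mask=$(( 0xFFFFFFFF ^ ((1 << (32 - b)) - 1) ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
)

# Usage: make_cs_cmd CS-Directory Custom-IP-Address
# Prints the make-cs command for review; refuses addresses outside the BackNet.
make_cs_cmd() {
    if ! ip_in_cidr "$2" "$BACKNET_CIDR"; then
        echo "refusing: $2 is not in BackNet $BACKNET_CIDR" >&2
        return 1
    fi
    echo "vstorage make-cs -r $1 -a $2"
}
```

The function prints the command rather than executing it, so the operator can review the bind address before creating the chunk server.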