On Tue, 11 Mar 2014 10:23:19 -0700
Prakash Surya <surya1(a)llnl.gov> wrote:
> Hi,
>
> All the documentation I've seen states that the oVirt NFS storage should
> use the "all_squash,anonuid=36,anongid=36" options. Obviously this isn't
> secure, so I'm curious how others have locked down their NFS storage? Is
> the best option to just limit access to these NFS exports to the IP
> addresses of the hypervisor nodes (and maybe the engine)? Is there a
> better way to go about this?
Run VLANs and have some active monitoring for physical ports up|down
states etc... If you cannot control your environment then ask yourself
if you trust your infrastructure provider at all.
You can run kerberized NFS etc... but what about Kerberos security? The
beginning is trust towards your infrastructure.
j.
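
The restriction raised in the question (exports reachable only from the hypervisor addresses) can be checked mechanically. The following is an added example, not part of either message: it parses exports(5)-style text and reports every `all_squash` export whose client is anything other than a listed hypervisor IP. The paths, addresses and function names are constructed for illustration, and quoted paths and `-` default-option entries are assumed absent.

```python
import ipaddress

# Constructed sample in exports(5) syntax; not taken from the thread.
SAMPLE = """\
/exports/data  *(rw,all_squash,anonuid=36,anongid=36)
/exports/iso   10.0.0.0/24(rw,all_squash,anonuid=36,anongid=36)
/exports/vm    10.0.0.11(rw,all_squash,anonuid=36,anongid=36) \\
               10.0.0.12(rw,all_squash,anonuid=36,anongid=36)
/exports/home  10.0.0.50(rw,root_squash)   # not squashed to uid 36
"""

def parse_exports(text):
    """Return (path, client, options) for every client entry."""
    entries = []
    joined = text.replace("\\\n", " ")          # backslash continues a line
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            entries.append((path, client, options))
    return entries

def audit(text, hypervisor_ips):
    """Flag all_squash exports not pinned to a known hypervisor address."""
    allowed = {ipaddress.ip_address(h) for h in hypervisor_ips}
    findings = []
    for path, client, options in parse_exports(text):
        if "all_squash" not in options:
            continue
        try:
            net = ipaddress.ip_network(client, strict=False)
        except ValueError:
            # Empty client, wildcard, hostname or netgroup: not a fixed address.
            findings.append((path, client, "not a literal IP address"))
            continue
        if net.num_addresses > 1:
            findings.append((path, client, "subnet rather than single host"))
        elif net.network_address not in allowed:
            findings.append((path, client, "host not in hypervisor list"))
    return findings

if __name__ == "__main__":
    for path, client, reason in audit(SAMPLE, ["10.0.0.11", "10.0.0.12"]):
        print(f"{path}: client {client!r}: {reason}")
```

An address allowlist only constrains which source IPs the server accepts; it relies on the network segment itself being trusted, which is the point the reply makes about VLANs and port monitoring.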