Locking a cluster for security

Loïc

Hello,

First, thanks a lot for ProxMox, I have 4 servers running smoothly (2 in 1.5 and 2 in 1.7) and I am really pleased by the ease of use. Great work!

What I wonder now is how to remove the maximum number of running elements from the system for security reasons. Especially, I would like my cluster nodes, which are not the master, to be as much as possible "locked".

If I understood the architecture correctly, I can stop Apache on the "slave" nodes and it will not affect the cluster and the ability to control everything from the GUI on the "master" node, right?

Basically, I need on each slave to always have:

pvedaemon - the SOAP interface for the master to communicate with the slave.
pvetunnel - the SSH tunnel for the inter-node communication in a secure way
pvemirror - the daemon to mirror data between the cluster nodes

And the Apache GUI can be stopped.

Second question, if I open a console to access a VM on a non master node with the java applet, will it go through the PVE tunnel or is it a direct connection with some kind of cookie based authentication magic?

Thanks again,
loïc
 
I do not see any security benefit if you stop services. We never test such special setups.

The Java VNC console is not encrypted at the moment; the VNC console in the upcoming 2.x release is encrypted (already finished but nothing released yet).
 
Tom, if you stop the unnecessary services you automatically get more security, as you have one component less with possible security issues to manage. Apache has security updates on a regular basis. So, running only the very necessary components is always good.

For the Java VNC, does it mean that it connects directly to the "slave" node, or is the connection going through the SSH tunnel between the slave and the master? This is to know which ports to keep open on the slave node.

thanks in advance,
loïc
 
In theory you are right, but if you got a hacker on your cluster it's pretty useless if you run just the Apache on your master only. Just make sure you always have the latest versions and do regular updates.

VNC uses ports between 5900 and 5999. upcoming 2.x will do everything on one port (AFAIK).
 
For the Java VNC, does it mean that it connects directly to the "slave" node, or is the connection going through the SSH tunnel between the slave and the master?

Yes, VNC traffic is tunneled via SSL from master to slave.
 
Thanks a lot for the answers, this is great. I am starting to have a better understanding of the architecture now. What is good is that I can basically lock down the slaves to have only the master as the entry point. This will help a lot in securing the system.
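A check for the lock-down discussed in this thread, added here as an example and not code from the thread or from Proxmox: it audits the listening TCP sockets on a slave node against the daemons the thread says a slave needs (pvedaemon, pvetunnel, pvemirror) plus sshd, flags the VNC range 5900-5999 separately so it can be firewalled to the master only, and reports anything else bound to a non-loopback address. The input layout is that of `ss -ltnp`; the sample lines, process names and the pvedaemon port are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a slave node's listeners against the thread's
# minimal service set. Loopback-only sockets are ignored.

# Constructed sample in `ss -ltnp` column layout (port numbers and
# process names are illustrative, not Proxmox defaults).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*   users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:50000       0.0.0.0:*   users:(("pvedaemon",pid=900,fd=4))
LISTEN 0      128    0.0.0.0:443         0.0.0.0:*   users:(("apache2",pid=1020,fd=5))
LISTEN 0      128    127.0.0.1:25        0.0.0.0:*   users:(("exim4",pid=700,fd=6))
LISTEN 0      5      0.0.0.0:5900        0.0.0.0:*   users:(("qemu",pid=1500,fd=10))'

# Daemons a slave is expected to run (from the thread) plus sshd.
ALLOWED="sshd pvedaemon pvetunnel pvemirror"

# audit_listeners <ss output>
# Prints one line per finding:
#   "vnc <port> <proc>"        VNC display port: restrict to the master
#   "unexpected <port> <proc>" not on the allow-list: stop or firewall it
audit_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; sub(/:[0-9]+$/, "", addr)      # strip ":port"
            port = $4; sub(/^.*:/, "", port)          # keep only the port
            split($6, p, "\""); proc = p[2]           # name inside users:(("...",
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (proc in ok) next
            if (port + 0 >= 5900 && port + 0 <= 5999) print "vnc", port, proc
            else print "unexpected", port, proc
        }'
}

# Stand-alone run on the constructed sample; on a real node use:
#   audit_listeners "$(ss -ltnp)"
audit_listeners "$SAMPLE"
```

On the sample this reports apache2 on 443 as unexpected and the qemu VNC listener on 5900 as a port to restrict to the master, matching the lock-down goal of the thread.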
 
Thanks a lot for the answers, this is great. I am starting to have a better understanding of the architecture now. What is good is that I can basically lock down the slaves to have only the master as the entry point. This will help a lot in securing the system.
Hi,
I think this is not right. Perhaps you have a little bit more security (this cannot be very much, because the services run on the master, and the way between master and node is very short).
But you lose a lot of reliability in the production process: if your master fails, you normally make a node the new master and all VMs which are running on the other nodes are accessible. But without Apache on this node, you must first bring the new master into the old condition. This takes time, which you urgently need to repair the old master...

Only my opinion.

Udo