Posted by: Anonymous Coward
on July 04, 2006 07:45 AM
It's not routable, which means that only that local segment will have access to it. I would, therefore, equip each server on the AoE network with two NICs--one facing the enterprise LAN, and the other facing an isolated VLAN. Only hosts on that isolated VLAN can talk to the AoE network.
This seems like a solution best targeted to small- to medium-sized data centers, where you might have several disk arrays accessible by many servers. The caution would be that, since root on any of these servers can issue a mkfs command against the AoE-exported device, all sysadmins not only must be VERY CAREFUL when formatting a new device, but also they must be even more vigilant than normal with documenting everything about their AoE setup and keeping it up to date. Obviously, you could have more than one export, which would spread out the load.
With the proper precautions taken, I think this could work really well, especially in data centers where physical security is in place.
Re:Security?