Matt Wise 2013-03-08, 23:13
No thoughts on encrypting and authenticating zookeeper-to-zookeeper communication?
On Mar 8, 2013, at 3:13 PM, Matt Wise <[EMAIL PROTECTED]> wrote:
> Currently we run Zookeeper out on the big bad scary internet using Stunnel as an encryption and authentication system for our clients. Our single 5-node Zookeeper quorum is in a single datacenter where we can control network access and feel reasonably safe.
> I've been thinking about scale recently, and I would love to be able to put Zookeeper Observer nodes in each of our regions. We don't use VPC or any other network-to-network tunneling technology. Stunnel is simple when you have one client, and one endpoint, but it sucks when you have multiple servers all trying to talk to each other.
> Are there any plans to add SSL support to Zookeeper? Specifically to its own private cluster communication ports? If not, what about running a Zookeeper Observer in a "client" mode where I can point it to any of our 5 quorum servers, and it acts as a kind of proxy for data -- without really "joining" the cluster?
Edward Ribeiro 2013-03-16, 19:24