Currently we run Zookeeper out on the big bad scary internet using Stunnel as an encryption and authentication system for our clients. Our single 5-node Zookeeper quorum is in a single datacenter where we can control network access and feel reasonably safe.
I've been thinking about scale recently, and I would love to be able to put Zookeeper Observer nodes in each of our regions. We don't use VPC or any other network-to-network tunneling technology. Stunnel is simple when you have one client, and one endpoint, but it sucks when you have multiple servers all trying to talk to each other.
Are there any plans to add SSL support to Zookeeper? Specifically to its own private cluster communication ports? If not, what about running a Zookeeper Observer in a "client" mode where I can point it to any of our 5 quorum servers, and it acts as a kind of proxy for data -- without really "joining" the cluster?
Matt Wise 2013-03-16, 16:38
Edward Ribeiro 2013-03-16, 19:24