Re: [Vrs-development] Cluster image security/privacy question

From: Bill Lance
Subject: Re: [Vrs-development] Cluster image security/privacy question
Date: Thu, 2 May 2002 05:44:56 -0700 (PDT)

--- Chris Smith <address@hidden> wrote:
> Each domain (ie an LDS node) is namespaced (like the
> ID you talk about, but 
> assigned by the owner of the LDS to be something
> unique such as 
> 'BillsLDS.somewhere.bill.has.his.machine.com'), 

A lot of the potential machines in a VRS would not
have a domain name, at least not one discoverable with
an external DNS.  Also, it would require an extra DNS
lookup traffic for every transation

> when one LDS sends a 
> message or requests a resource from another LDS, it
> does so through 
> namespacing. ie Sending the data request 
> 'BillsLDS.<snip>.com:/LDS/CM/GetSomeResource' causes
> Goldwater to route that 
> straight to whatever LDS is identified by the
> BillsLDS namespace.... and you 
> can even send messages to
> '*:/LDS/CM/WhoWantsThisMsg' (which is the same as 
> sending to '/LDS/CM/WhoWantsThisMsg') - there are no
> IP addresses involved, 
> Goldwater does it all in the background - but it has
> to maintain an IP <-> 
> namespace table at each node.
> Is this going to be a problem?  It really stuffs
> things up if it is as I was 
> kind of hoping that the whole Goldwater Domain
> concept would allow us to 
> build the cluster without ever having to think about
> the network, and be 
> comfortable that if Goldwater says that an LDS is
> present, then it IS 
> present, because of all the sanity checks and
> polling that Goldwater does in 
> the background.
> I suppose I could get Goldwater to 'hide' the IP
> addresses (so they can't be 
> viewed through the administration tool), or even
> look them up on demand - but 
> they've got to be stored 'somewhere' ultimately.

I don't see any problem with the IP numbers being
exposed to administrative nodes.  At this point, we
are not worried about anynonimity of the LDS hosts in
a VRS.

