Administrator’s Command Line Guide

Table Of Contents

Chapter 5. Managing Storage Cluster Security

The speciﬁed address will then be used for MDS interconnection and intercommunication with the

other servers in the cluster.

2. Set up a chunk server:

# vstorage -c Cluster-Name make-cs -r CS-Directory

Once it is created, the chunk server connects to the MDS server and binds to the IP address it uses to

establish the connection. If the chunk server has several networks cards, you can explicitly assign the

chunk server to the IP address of a speciﬁc network card so that all communication between the chunk

and MDS servers is carried out via this IP address.

To bind a chunk server to a custom IP address, pass the -a option to the vstorage make-cs command

when you create the chunk server:

# vstorage make-cs -r CS-Directory -a Custom-IP-Address

Note: A custom IP address must belong to the BackNet not to compromise your cluster security.

3. Mount the cluster on the client:

# vstorage-mount -c Cluster-Name Mount-Directory

Once the cluster is mounted, the client connects to the MDS and chunk server IP addresses.

This example conﬁguration provides a high level of security for server communication because the MDS

server, the chunk server, and the client are located on the isolated internal network and cannot be

compromised.

5.3 Password-based Authentication

Acronis Storage uses password-based authentication to enhance security in clusters. You have to pass the

authentication phase before you can add a new server to the cluster.

Password-based authentication works as follows:

1. You set the authentication password when you create the ﬁrst MDS server in the cluster. The password

you specify is encrypted and saved into the /etc/vstorage/clusters/stor1/auth_digest.key ﬁle on the

server.

2. You add new MDS servers, chunk servers, or clients to the cluster and use the vstorage auth-node