Swift Data Security

Swift services run on each SwiftStack Node and manage the transmission and end location of data within the Swift cluster.

Swift Endpoint Security

Each SwiftStack node presents an HTTP or HTTPS endpoint to the overall Swift cluster. Depending on the configuration chosen in the Controller UI, the endpoint will listen on either port 443 as HTTPS or port 80 as HTTP.

If using an SSL appliance in front of the Swift cluster, one may choose to NOT use SSL at Swift itself.

Note that clusters that do not use any SSL are vulnerable to network traffic snooping.

Swift SSL

When SSL is chosen to be terminated at the nodes, the stud network proxy application is utilized to terminate the SSL before passing the HTTP data on to the Swift proxy server running on the same machine. The following cipher list is used:

HIGH:!aNULL:!MD5

This cipher list allows only TLSv1, TLSv1.1 and TLSv1.2 ciphers of 128 bits or higher.
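What this cipher string actually enables depends on the OpenSSL build on the node. The following added example (not SwiftStack or stud code) uses Python's ssl module to expand the string on the local host and check each enabled suite against the properties stated above; the function names and the min_bits parameter are this example's own.

```python
import ssl
from collections import Counter

CIPHER_LIST = "HIGH:!aNULL:!MD5"  # cipher string quoted on this page


def expand(cipher_list):
    """Return the suites the local OpenSSL build enables for cipher_list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Raises ssl.SSLError if the string selects no suite at all.
    # TLS 1.3 suites are not controlled by this string and stay listed.
    ctx.set_ciphers(cipher_list)
    return ctx.get_ciphers()


def audit(suites, min_bits=128):
    """Return (suite name, reason) pairs for suites that break the policy."""
    findings = []
    for s in suites:
        desc = s.get("description", "")
        if s.get("strength_bits", 0) < min_bits:
            findings.append((s["name"], "key strength below %d bits" % min_bits))
        if s.get("auth") == "auth-null" or "Au=None" in desc:
            findings.append((s["name"], "anonymous (unauthenticated) key exchange"))
        if s.get("digest") == "md5" or "Mac=MD5" in desc:
            findings.append((s["name"], "MD5 MAC"))
    return findings


def by_protocol(suites):
    """Count suites by the protocol version OpenSSL reports for each."""
    return Counter(s["protocol"] for s in suites)


if __name__ == "__main__":
    suites = expand(CIPHER_LIST)
    print(ssl.OPENSSL_VERSION)
    for proto, n in sorted(by_protocol(suites).items()):
        print("%-8s %d suites" % (proto, n))
    for name, reason in audit(suites):
        print("VIOLATION %s: %s" % (name, reason))
```

Run it on the node itself, since the result reflects that host's OpenSSL version rather than the cipher string alone.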

Swift Network Security

Node to Node Communication

Swift communication between nodes happens via HTTP and is not encrypted. The network between nodes is assumed to be secure.

Node to Node Replication

Swift's eventual consistency with replication utilizes rsync for data transfer between nodes. This traffic is not encrypted. The network between nodes is assumed to be secure.