In OpenStack, we have a shared filesystem service called Manila. It works similarly to Cinder (block storage). With Manila, you can create a shared filesystem and perform management activity such as visibility, accessibility, and usage quota.
The following are the different security mechanisms available in OpenStack for a shared filesystem:
- For authentication and authorization of clients, we can use LDAP, Kerberos, and Windows Active Directory services.
- We must ensure explicit grant access of new file shares. By default, users will not have permission to mount and access the newly created file shares.
- Manila also has an entity called security services, which abstracts the definition of the security domain for a shared file system protocol.
- A shared filesystem also allows us to define security using the following:
- DNS IP of tenant network
- Security service IP or hostname