- Allow trusted storage nodes only in the peer set.
- Restrict management ports to cluster networks.
- Use firewall rules to deny unknown hosts from brick traffic.
¶ Authentication and Transport
- Configure TLS for management and data channels when available.
- Use strong cert/key permissions on each node.
- Avoid exposing GlusterFS endpoints directly to public networks.
- Apply export restrictions and mount options per client role.
- Minimize write access and separate sensitive datasets.
- Monitor split-brain and heal events for abnormal patterns.
¶ Backup and Recovery
- Keep independent backups; replication is not backup.
- Test restore and volume recovery procedures regularly.
- Document and rehearse node-loss recovery steps.