Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tony Xu <tony(dot)xu(at)rubrik(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Would PostgreSQL 16 native transparent data encryption support database level encryption?
Date: 2023-05-18 23:47:00
Message-ID: ZGa49CRDJoIfWa/a@tamriel.snowman.net
Lists: pgsql-general

Greetings,

Really, please don't top-post on these lists.

* Tony Xu (tony(dot)xu(at)rubrik(dot)com) wrote:
> Regarding the multiple clusters idea, how does that work? Assume we can
> store one customer's data in one cluster, is it possible to have separate
> KEK for different clusters?

In the proposed TDE work, yes, each cluster (which is an entire
PostgreSQL system) would be able to have its own KEK.

> Why not using multiple clusters then?

There's a bit of overhead from each cluster and each would have their
own shared buffers pool of memory and such.

> Better isolation of the customers, but still on one server.

Depending on the OS, multi-cluster management on a given system is
easier or harder. In my view, at least, Debian systems make having
multiple clusters on a given server a lot easier as they have
pg_createcluster, pg_lsclusters, etc, commands and management tools.

Another alternative would be to use container technology and Kubernetes
or OpenShift and a PG Operator to manage all the clusters across
whatever systems you're running on top of.

Of course, there are trade-offs to consider between all of these
different approaches.

Thanks,

Stephen
