@billwear In earlier versions of MAAS, RPC communication between region and rack was plain-text. To the best of my awareness this is still true.
Unless the developers have fixed this security flaw, it should be part of your securing/hardening documentation to encrypt this traffic with a 3rd party tool like IPSEC.
