Thanks everyone for the reply.

I actually have a fair bit of questions, but it will be nice if someone
could please tell me the flow (implementation-wise), as to how node-to-node
encryption works in a cluster.

Let's say node1 from DC1 wishes to talk securely to node2 from DC2
(with *"require_client_auth: false"*).
I presume it would be like below (please correct me if I am wrong):

a) node1 tries to connect to node2, using the certificate *as defined on node1*
in cassandra.yaml.

b) node2 will confirm if the certificate being offered by node1 is in the
truststore *as defined on node2* in cassandra.yaml.
If it is, secure communication is allowed.


Is my thinking right?
I

On Wed, Jan 6, 2016 at 1:55 PM, Neha Dave <nehajtriv...@gmail.com> wrote:

> Hi Ajay,
> Have a look here :
> https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLNodeToNode_t.html
>
> You can configure for DC level Security:
>
> Procedure
>
> On each node under server_encryption_options:
>
>    - Enable internode_encryption.
>    The available options are:
>       - all
>       - none
>       - dc: Cassandra encrypts the traffic between the data centers.
>       - rack: Cassandra encrypts the traffic between the racks.
>
> regards
>
> Neha
>
>
>
> On Wed, Jan 6, 2016 at 12:48 PM, Singh, Abhijeet <absi...@informatica.com>
> wrote:
>
>> Security is a very wide concept. What exactly do you want to achieve ?
>>
>>
>>
>> *From:* Ajay Garg [mailto:ajaygargn...@gmail.com]
>> *Sent:* Wednesday, January 06, 2016 11:27 AM
>> *To:* user@cassandra.apache.org
>> *Subject:* Basic query in setting up secure inter-dc cluster
>>
>>
>>
>> Hi All.
>>
>> We have a 2*2 cluster deployed, but no security as of now.
>>
>> As a first stage, we wish to implement inter-dc security.
>>
>> Is it possible to enable security one machine at a time?
>>
>> For example, let's say the machines are DC1M1, DC1M2, DC2M1, DC2M2.
>>
>> If I make the changes JUST IN DC2M2 and restart it, will the traffic
>> between DC1M1/DC1M2 and DC2M2 be secure? Or security will kick in ONLY
>> AFTER the changes are made in all the 4 machines?
>>
>> Asking here, because I don't want to screw up a live cluster due to my
>> lack of experience.
>>
>> Looking forward to some pointers.
>>
>>
>> --
>>
>> Regards,
>> Ajay
>>
>
>


-- 
Regards,
Ajay
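
Added example, not part of the original thread: a `server_encryption_options` fragment for cassandra.yaml showing the `dc` setting from the quoted procedure together with the `require_client_auth` setting asked about above. The keystore and truststore paths and the passwords are placeholders.

```yaml
# cassandra.yaml (fragment), configured on each node in both data centers.
# Paths and passwords below are placeholders, not values from the thread.
server_encryption_options:
    # all | none | dc | rack; "dc" encrypts only traffic that crosses data centers
    internode_encryption: dc
    # This node's own private key and certificate
    keystore: /path/to/node-keystore.jks
    keystore_password: CHANGE_ME
    # Certificates (or the issuing CA) this node trusts when validating a peer
    truststore: /path/to/node-truststore.jks
    truststore_password: CHANGE_ME
    # false: only the node accepting the connection presents a certificate,
    #        and the connecting node validates it against its own truststore.
    # true:  the accepting node also requests the connecting node's certificate
    #        and validates it against its own truststore (mutual TLS).
    require_client_auth: false
```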
