Hi All. A gentle query-reminder.
I will be grateful if I could be given a brief technical overview, as to how secure-communication occurs between two nodes in a cluster.

Please note that I wish for some information on the "how it works below the hood", and NOT "how to set it up".

Thanks and Regards,
Ajay

On Wed, Jan 6, 2016 at 4:16 PM, Ajay Garg <ajaygargn...@gmail.com> wrote:

> Thanks everyone for the reply.
>
> I actually have a fair bit of questions, but it will be nice if someone
> could please tell me the flow (implementation-wise), as to how node-to-node
> encryption works in a cluster.
>
> Let's say node1 from DC1, wishes to talk securely to node 2 from DC2 (with
> *"require_client_auth: false"*).
> I presume it would be like below (please correct me if I am wrong) ::
>
> a)
> node1 tries to connect to node2, using the certificate *as defined on
> node1* in cassandra.yaml.
>
> b)
> node2 will confirm if the certificate being offered by node1 is in the
> truststore *as defined on node2* in cassandra.yaml.
> if it is, secure-communication is allowed.
>
>
> Is my thinking right?
> I
>
> On Wed, Jan 6, 2016 at 1:55 PM, Neha Dave <nehajtriv...@gmail.com> wrote:
>
>> Hi Ajay,
>> Have a look here :
>> https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLNodeToNode_t.html
>>
>> You can configure for DC level Security:
>>
>> Procedure
>>
>> On each node under server_encryption_options:
>>
>> - Enable internode_encryption.
>>   The available options are:
>>   - all
>>   - none
>>   - dc: Cassandra encrypts the traffic between the data centers.
>>   - rack: Cassandra encrypts the traffic between the racks.
>>
>> regards
>>
>> Neha
>>
>>
>>
>> On Wed, Jan 6, 2016 at 12:48 PM, Singh, Abhijeet <absi...@informatica.com> wrote:
>>
>>> Security is a very wide concept. What exactly do you want to achieve?
>>>
>>>
>>>
>>> *From:* Ajay Garg [mailto:ajaygargn...@gmail.com]
>>> *Sent:* Wednesday, January 06, 2016 11:27 AM
>>> *To:* user@cassandra.apache.org
>>> *Subject:* Basic query in setting up secure inter-dc cluster
>>>
>>>
>>>
>>> Hi All.
>>>
>>> We have a 2*2 cluster deployed, but no security as of now.
>>>
>>> As a first stage, we wish to implement inter-dc security.
>>>
>>> Is it possible to enable security one machine at a time?
>>>
>>> For example, let's say the machines are DC1M1, DC1M2, DC2M1, DC2M2.
>>>
>>> If I make the changes JUST IN DC2M2 and restart it, will the traffic
>>> between DC1M1/DC1M2 and DC2M2 be secure? Or security will kick in ONLY
>>> AFTER the changes are made in all the 4 machines?
>>>
>>> Asking here, because I don't want to screw up a live cluster due to my
>>> lack of experience.
>>>
>>> Looking forward to some pointers.
>>>
>>>
>>> --
>>>
>>> Regards,
>>> Ajay
>>>
>>
>>
>
>
> --
> Regards,
> Ajay
>

--
Regards,
Ajay