Ok, trying to wake up this thread again.

I went through the following links ::

https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLNodeToNode_t.html
https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLCertificates_t.html

and I am wondering *if it is possible to set up secure inter-communication only between some nodes*.

In particular, if I have a 2*2 cluster, is it possible to set up secure communication ONLY between the nodes of DC2? Once it works well, we would then set up secure communication everywhere.

We want this because DC2 is the backup centre, while DC1 is the primary centre connected directly to the application server. We don't want to screw things up if something goes bad in DC1.

Will be grateful for pointers.

Thanks and Regards,
Ajay

On Sun, Jan 17, 2016 at 9:09 PM, Ajay Garg <ajaygargn...@gmail.com> wrote:

> Hi All.
>
> A gentle query-reminder.
>
> I will be grateful if I could be given a brief technical overview, as to
> how secure-communication occurs between two nodes in a cluster.
>
> Please note that I wish for some information on the "how it works below
> the hood", and NOT "how to set it up".
>
> Thanks and Regards,
> Ajay
>
> On Wed, Jan 6, 2016 at 4:16 PM, Ajay Garg <ajaygargn...@gmail.com> wrote:
>
>> Thanks everyone for the reply.
>>
>> I actually have a fair bit of questions, but it will be nice if someone
>> could please tell me the flow (implementation-wise), as to how node-to-node
>> encryption works in a cluster.
>>
>> Let's say node1 from DC1, wishes to talk securely to node 2 from DC2
>> (with *"require_client_auth: false*").
>> I presume it would be like below (please correct me if I am wrong) ::
>>
>> a)
>> node1 tries to connect to node2, using the certificate *as defined on
>> node1* in cassandra.yaml.
>>
>> b)
>> node2 will confirm if the certificate being offered by node1 is in the
>> truststore *as defined on node2* in cassandra.yaml.
>> if it is, secure-communication is allowed.
>>
>> Is my thinking right?
>> I
>>
>> On Wed, Jan 6, 2016 at 1:55 PM, Neha Dave <nehajtriv...@gmail.com> wrote:
>>
>>> Hi Ajay,
>>> Have a look here :
>>> https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLNodeToNode_t.html
>>>
>>> You can configure for DC level Security:
>>>
>>> Procedure
>>>
>>> On each node under server_encryption_options:
>>>
>>> - Enable internode_encryption.
>>>   The available options are:
>>>   - all
>>>   - none
>>>   - dc: Cassandra encrypts the traffic between the data centers.
>>>   - rack: Cassandra encrypts the traffic between the racks.
>>>
>>> regards
>>>
>>> Neha
>>>
>>> On Wed, Jan 6, 2016 at 12:48 PM, Singh, Abhijeet <
>>> absi...@informatica.com> wrote:
>>>
>>>> Security is a very wide concept. What exactly do you want to achieve?
>>>>
>>>> *From:* Ajay Garg [mailto:ajaygargn...@gmail.com]
>>>> *Sent:* Wednesday, January 06, 2016 11:27 AM
>>>> *To:* user@cassandra.apache.org
>>>> *Subject:* Basic query in setting up secure inter-dc cluster
>>>>
>>>> Hi All.
>>>>
>>>> We have a 2*2 cluster deployed, but no security as of now.
>>>>
>>>> As a first stage, we wish to implement inter-dc security.
>>>>
>>>> Is it possible to enable security one machine at a time?
>>>>
>>>> For example, let's say the machines are DC1M1, DC1M2, DC2M1, DC2M2.
>>>>
>>>> If I make the changes JUST IN DC2M2 and restart it, will the traffic
>>>> between DC1M1/DC1M2 and DC2M2 be secure? Or will security kick in ONLY
>>>> AFTER the changes are made in all the 4 machines?
>>>>
>>>> Asking here, because I don't want to screw up a live cluster due to my
>>>> lack of experience.
>>>>
>>>> Looking forward to some pointers.
>>>>
>>>> --
>>>> Regards,
>>>> Ajay
>>
>> --
>> Regards,
>> Ajay
>
> --
> Regards,
> Ajay

--
Regards,
Ajay
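
As an added illustration (not part of the thread and not Cassandra's own code), the Python sketch below models which links between the four machines named in the thread would be encrypted under each `internode_encryption` value, following the option descriptions quoted in Neha's reply. It assumes the same value is set on every node; the rack names and all function names are constructed for the example.

```python
from itertools import combinations

# Machine names come from the thread; the rack assignments are constructed.
NODES = {
    "DC1M1": ("DC1", "RAC1"),
    "DC1M2": ("DC1", "RAC2"),
    "DC2M1": ("DC2", "RAC1"),
    "DC2M2": ("DC2", "RAC1"),
}
SETTINGS = ("none", "all", "dc", "rack")


def link_encrypted(setting, a, b):
    """True if traffic between nodes a and b is encrypted under `setting`
    (assumption: every node in the cluster uses the same setting)."""
    dc_a, rack_a = NODES[a]
    dc_b, rack_b = NODES[b]
    if setting == "none":
        return False
    if setting == "all":
        return True
    if setting == "dc":      # only traffic that crosses data centers
        return dc_a != dc_b
    if setting == "rack":    # traffic that crosses racks (or data centers)
        return (dc_a, rack_a) != (dc_b, rack_b)
    raise ValueError(f"unknown internode_encryption value: {setting}")


def encrypted_links(setting):
    """All node pairs whose traffic is encrypted under `setting`."""
    return [f"{a}<->{b}" for a, b in combinations(NODES, 2)
            if link_encrypted(setting, a, b)]


def settings_encrypting_exactly(wanted):
    """Settings under which the encrypted links are exactly `wanted`."""
    return [s for s in SETTINGS if set(encrypted_links(s)) == set(wanted)]


if __name__ == "__main__":
    for s in SETTINGS:
        print(f"{s:>4}: {encrypted_links(s)}")
    # The case asked about at the top of the thread: only DC2-internal traffic.
    print("only DC2-internal:", settings_encrypting_exactly(["DC2M1<->DC2M2"]))
```

In this model `dc` leaves both intra-DC links in plaintext, and no single cluster-wide value encrypts only the DC2-internal link.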