Also, wondering what is the difference between "all" and "dc" in "internode_encryption". Perhaps my answer lies in this?
On Mon, Apr 18, 2016 at 9:51 AM, Ajay Garg <ajaygargn...@gmail.com> wrote:

> Ok, trying to wake up this thread again.
>
> I went through the following links ::
>
> https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLNodeToNode_t.html
> https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLCertificates_t.html
>
> and I am wondering *if it is possible to setup secure inter-communication
> only between some nodes*.
>
> In particular, if I have a 2*2 cluster, is it possible to setup secure
> communication ONLY between the nodes of DC2?
> Once it works well, we would then setup secure-communication everywhere.
>
> We are wanting this, because DC2 is the backup centre, while DC1 is the
> primary-centre connected directly to the application-server. We don't want
> to screw things if something goes bad in DC1.
>
> Will be grateful for pointers.
>
> Thanks and Regards,
> Ajay
>
> On Sun, Jan 17, 2016 at 9:09 PM, Ajay Garg <ajaygargn...@gmail.com> wrote:
>
>> Hi All.
>>
>> A gentle query-reminder.
>>
>> I will be grateful if I could be given a brief technical overview, as to
>> how secure-communication occurs between two nodes in a cluster.
>>
>> Please note that I wish for some information on the "how it works below
>> the hood", and NOT "how to set it up".
>>
>> Thanks and Regards,
>> Ajay
>>
>> On Wed, Jan 6, 2016 at 4:16 PM, Ajay Garg <ajaygargn...@gmail.com> wrote:
>>
>>> Thanks everyone for the reply.
>>>
>>> I actually have a fair bit of questions, but it will be nice if someone
>>> could please tell me the flow (implementation-wise), as to how node-to-node
>>> encryption works in a cluster.
>>>
>>> Let's say node1 from DC1, wishes to talk securely to node 2 from DC2
>>> (with *"require_client_auth: false"*).
>>> I presume it would be like below (please correct me if I am wrong) ::
>>>
>>> a)
>>> node1 tries to connect to node2, using the certificate *as defined on
>>> node1* in cassandra.yaml.
>>>
>>> b)
>>> node2 will confirm if the certificate being offered by node1 is in the
>>> truststore *as defined on node2* in cassandra.yaml.
>>> if it is, secure-communication is allowed.
>>>
>>> Is my thinking right?
>>> I
>>>
>>> On Wed, Jan 6, 2016 at 1:55 PM, Neha Dave <nehajtriv...@gmail.com>
>>> wrote:
>>>
>>>> Hi Ajay,
>>>> Have a look here :
>>>> https://docs.datastax.com/en/cassandra/1.2/cassandra/security/secureSSLNodeToNode_t.html
>>>>
>>>> You can configure for DC level Security:
>>>>
>>>> Procedure
>>>>
>>>> On each node under server_encryption_options:
>>>>
>>>> - Enable internode_encryption.
>>>>   The available options are:
>>>>   - all
>>>>   - none
>>>>   - dc: Cassandra encrypts the traffic between the data centers.
>>>>   - rack: Cassandra encrypts the traffic between the racks.
>>>>
>>>> regards
>>>>
>>>> Neha
>>>>
>>>> On Wed, Jan 6, 2016 at 12:48 PM, Singh, Abhijeet <
>>>> absi...@informatica.com> wrote:
>>>>
>>>>> Security is a very wide concept. What exactly do you want to achieve ?
>>>>>
>>>>> *From:* Ajay Garg [mailto:ajaygargn...@gmail.com]
>>>>> *Sent:* Wednesday, January 06, 2016 11:27 AM
>>>>> *To:* user@cassandra.apache.org
>>>>> *Subject:* Basic query in setting up secure inter-dc cluster
>>>>>
>>>>> Hi All.
>>>>>
>>>>> We have a 2*2 cluster deployed, but no security as of now.
>>>>>
>>>>> As a first stage, we wish to implement inter-dc security.
>>>>>
>>>>> Is it possible to enable security one machine at a time?
>>>>>
>>>>> For example, let's say the machines are DC1M1, DC1M2, DC2M1, DC2M2.
>>>>>
>>>>> If I make the changes JUST IN DC2M2 and restart it, will the traffic
>>>>> between DC1M1/DC1M2 and DC2M2 be secure? Or security will kick in ONLY
>>>>> AFTER the changes are made in all the 4 machines?
>>>>>
>>>>> Asking here, because I don't want to screw up a live cluster due to my
>>>>> lack of experience.
>>>>>
>>>>> Looking forward to some pointers.
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Ajay
>>>
>>> --
>>> Regards,
>>> Ajay
>>
>> --
>> Regards,
>> Ajay
>
> --
> Regards,
> Ajay

--
Regards,
Ajay
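
A model of which links each `internode_encryption` value listed in the thread covers on the 2*2 cluster, added here as an example; it is not code from any participant or from Cassandra. The rack assignments and the function names are assumptions, and every node is assumed to use the same setting.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Node:
    name: str
    dc: str
    rack: str

# Constructed topology: machine names are from the thread, rack names are assumed.
CLUSTER = [
    Node("DC1M1", "DC1", "RAC1"),
    Node("DC1M2", "DC1", "RAC1"),
    Node("DC2M1", "DC2", "RAC1"),
    Node("DC2M2", "DC2", "RAC2"),
]

def link_encrypted(mode, a, b):
    """Model of one internode_encryption value applied to the link a <-> b."""
    if mode == "none":
        return False
    if mode == "all":
        return True
    if mode == "dc":    # only traffic that crosses a data-center boundary
        return a.dc != b.dc
    if mode == "rack":  # traffic that crosses a rack (or data-center) boundary
        return (a.dc, a.rack) != (b.dc, b.rack)
    raise ValueError(f"unknown internode_encryption value: {mode!r}")

def encrypted_links(mode, nodes=CLUSTER):
    """Node-name pairs whose traffic is encrypted when every node uses `mode`."""
    return {frozenset((a.name, b.name))
            for a, b in combinations(nodes, 2) if link_encrypted(mode, a, b)}

def modes_giving_exactly(wanted, nodes=CLUSTER):
    """Which single cluster-wide setting encrypts exactly the `wanted` links."""
    return [m for m in ("all", "none", "dc", "rack")
            if encrypted_links(m, nodes) == wanted]

if __name__ == "__main__":
    for mode in ("all", "none", "dc", "rack"):
        links = sorted("-".join(sorted(l)) for l in encrypted_links(mode))
        print(f"{mode:5} {len(links)} encrypted: {links}")
    only_dc2 = {frozenset(("DC2M1", "DC2M2"))}
    print("settings that encrypt only DC2-internal traffic:",
          modes_giving_exactly(only_dc2))
```

In this model `dc` leaves both intra-DC links in cleartext, and no single cluster-wide value encrypts only the DC2-internal link, because every value other than `none` also covers the cross-DC links.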