On 12/01/2011 7:17, Gary Smith wrote:
If the answer to the above question is no, then how can one secure a
Riak system properly?
Put an apache (or whatever) server in front and proxy the requests accordingly
and setup the security through the underlying web service.
You -> [ apache -> riak ] (where [] is the box).
Or
You -> apache -> riak (where riak only allows requests from the apache server
via the firewall on the riak server -- such as iptables)
Thanks.
In fact, I am planning to run a GWT application on Tomcat. Since it may
grow beyond a single server's capacity (in terms of connections &
users), I must implement some load balancing solution too. I also want
minimum hassle regarding replications, which Riak seems to provide.
I want to be able to add/remove nodes as easily as possible. The system
should be able to support the failure of nodes too.
I am starting to think about the following:
Users -> [ Apache + load balance ] -> [ Tomcat 1 -> Riak 1 ]
-> [ Tomcat
2 -> Riak 2 ]
-> [ Tomcat
3 -> Riak 3 ]
-> [ Tomcat
4 -> Riak 4 ]
-> ...
Only the Apache machine would have access to the TC + Riak machines
(firewalll filtering on IP). The TC + Riak machines would also only give
access to other TC + Riak machines to let Riak operate.
Does this make sense? Has anyone tried this with Riak? Is there a better
solution?
That last issue I need to solve is if the Apache server fails... but
this is another topic!
Thanks,
Jérôme
_______________________________________________
riak-users mailing list
[email protected]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
