Hi, thank you, Dmitriy. Implementing the processor is surely an option, shouldn't even be complex. I just wondered if there was something OOTB. I'll see if we could contribute this.
Best wishes, Alexey On Thu, Jul 30, 2015 at 9:39 PM, Dmitriy Setrakyan <[email protected]> wrote: > > > On Thu, Jul 30, 2015 at 7:37 AM, Aleksei Valikov < > [email protected]> wrote: > >> Hi, >> >> I'm considering Apache Ignite for a distributed computing application. I >> have a question about security. >> >> We'll have a central node which will run all the time (the application >> server) and a number of nodes which will join/leave the cluster in the >> runtime (we'll use AWS to add new computing resources on demand). I guess >> we'll need to use the static IP-based discovery for this scenario. >> > > Either static IP [1] or AWS-based discovery [2]. > > [1] - > https://apacheignite.readme.io/docs/cluster-config#static-ip-based-discovery > [2] - https://apacheignite.readme.io/docs/aws-config > > >> I've found the following post: >> http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/ >> >> This is a step into the right direction. However, whitelisting IPs is not >> an option in case of dynamic IP addresses (which we probably have in AWS). >> >> So I'd like to ask for advice on how to secure the Ignite cluster, for >> instance with some pre-shared secret. Is there any support for this OOTB? >> > > I think you will need to provide your own plugin provider, just like the > blog post describes. However, instead of whitelisting IPs, you implement > your GridSecurityProcessor with your own implementation of > authenticateNode() method. > > You can implement it as you like, e.g. check username/password or > authenticate a client or a node against an LDAP server or anything of the > sort. > > >> >> Many thanks and best wishes, >> Alexey >> > >
