Thanks a lot Ethan. Your suggestions are very much appreciated. We will evaluate the suggestions you provided based on the project timelines we have. I truly hope we can contribute to the community as well.

Regards,
-Harish

From: Ethan Li <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Tuesday, June 30, 2020 at 3:09 PM
To: "[email protected]" <[email protected]>
Cc: "[email protected]" <[email protected]>, "Dastoor, Phiroze" <[email protected]>, "Sapsford, Joe" <[email protected]>
Subject: Re: Query: Storm SSL Support

Hi Harish,

As far as I know, storm doesn’t have encryption between daemons (nimbus <-> supervisor, supervisor <-> supervisor) at this point. Yes, we should be able to use SSL enabled thrift. But it is hard (at least for me) to say how much work is needed without looking into it. Contribution on this is very much welcome.

By the way, for inter-worker communication, you can use BlowfishTupleSerializer:
https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/serialization/BlowfishTupleSerializer.java#L32

But it has a great impact on performance. So you need to evaluate thoroughly before using it.

Thanks
-Ethan

On Jun 19, 2020, at 12:53 PM, Kadirompalli Venkatashivareddy, Harish Kumar <[email protected]> wrote:

Hello Team,

We have been using Apache Storm for building data pipelines in our company. We have some sensitive data and we would like to know if storm provides TLS support in the communication channels within the storm cluster (Nimbus -> Supervisor, Supervisor -> Supervisor).

I went over the Apache Storm documentation and found http://storm.apache.org/releases/1.2.3/SECURITY.html. The documentation suggests using IPSec for any data encryption. It doesn’t provide how to configure SSL at socket layer communications.

The only option we see as of now is to change the storm code to use SSL enabled thrift classes and also use SSL enabled jetty. If anybody from [email protected] can answer how complicated changing storm code can be for this, it will be very helpful ☺

We understand these changes add on to major maintenance cycles on our side. So before doing any change, we would like to check if there is any way we can add TLS support for our storm cluster through some configuration or any other means.

Harish Kumar K V
Senior Software Engineer, Search
M: +1 (408) 313 5574
