Re: Query: Storm SSL Support

[Ethan Li]

No problem. Thanks Harish. 

> On Jun 30, 2020, at 5:12 PM, Kadirompalli Venkatashivareddy, Harish Kumar 
> <harish.kumar.kadirompalli.venkatashivare...@sap.com> wrote:
> 
> Thanks a lot Ethan. Your suggestions are very much appreciated.
> We will evaluate the suggestions you provided based on the project timelines 
> we have. I truly hope we can contribute to the community as well
>  
> Regards,
> -Harish
>  
> From: Ethan Li <ethanopensou...@gmail.com>
> Reply-To: "user@storm.apache.org" <user@storm.apache.org>
> Date: Tuesday, June 30, 2020 at 3:09 PM
> To: "user@storm.apache.org" <user@storm.apache.org>
> Cc: "dev-h...@storm.apache.org" <dev-h...@storm.apache.org>, "Dastoor, 
> Phiroze" <phiroze.dast...@sap.com>, "Sapsford, Joe" <joe.sapsf...@sap.com>
> Subject: Re: Query: Storm SSL Support
>  
> Hi Harish,
>  
> As far as I know,  storm doesn’t have encryption between daemons (nimbus<—> 
> supervisor, supervisor<—> supervisor) at this point. Yes we should be able to 
> use SSL enabled thrift. But it is hard (at least for me) to say how much work 
> is needed without looking into it. Contribution on this is very much welcome.
>  
>  
> By the way, for inter-worker communication, you can use 
> BlowfishTupleSerializer: 
> https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/serialization/BlowfishTupleSerializer.java#L32
>  
> <https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/serialization/BlowfishTupleSerializer.java#L32>
>  
> But it has a great impact on performance. So you need to evaluate throughly 
> before using it. 
>  
> Thanks
>  
> -Ethan
> 
> 
>> On Jun 19, 2020, at 12:53 PM, Kadirompalli Venkatashivareddy, Harish Kumar 
>> <harish.kumar.kadirompalli.venkatashivare...@sap.com 
>> <mailto:harish.kumar.kadirompalli.venkatashivare...@sap.com>> wrote:
>>  
>> Hello Team,
>>                 We have been using Apache Storm for building data pipelines 
>> in our company.
>>                 We have some sensitive data and we would like to know if 
>> storm provides TLS support in the communication channels with in storm 
>> cluster (Nimbus -> Supervisor, Supervisor -> Supervisor).
>>                 I went over the Apache Storm documentation and 
>> foundhttp://storm.apache.org/releases/1.2.3/SECURITY.html 
>> <http://storm.apache.org/releases/1.2.3/SECURITY.html>.
>>               Documentation suggests to use IPSec for any data encryption. 
>> It doesn’t provide how to configure SSL at socket layer communications.
>>  
>>             Only option what we see as of now is to change the storm code to 
>> use SSL enabled thrift classes and also use SSL enabled jetty. If anybody 
>> from d...@storm.apache.org <mailto:d...@storm.apache.org> can answer how 
>> complicated changing storm code can be for this. It will be very helpful ☺
>>             We understand these changes add on to major maintenance cycles 
>> on our side. So before doing any change, we would like to check if there is 
>> any way we can add TLS support for our storm cluster through some 
>> configuration or any other means.
>>  
>> Harish Kumar K V
>> Senior Software Engineer, Search
>> M: +1 (408) 313 5574
>> <image001.png>