cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Standefer <...@simplegeo.com>
Subject Re: Authentication
Date Tue, 13 Jul 2010 21:23:18 GMT
Err, find it *unrealistic*

-Ben


On Tue, Jul 13, 2010 at 2:22 PM, Ben Standefer <ben@simplegeo.com> wrote:

> Many apps would find it realistic or feasible to failover database
> connections across the country (going from <1ms latency to ~90ms latency).
>  The scheme of failing over client database connections across the country
> is probably the minority case.  SSL between Cassandra nodes, even without
> encryption in the clients connecting to a Cassandra node, would still be
> very useful if you want to mirror infrastructure in different parts of the
> world to provide users with localized low-latency access.  Failover for end
> users would happen at the data center level with DNS-based load balancing (
> http://dyn.com/dynect-traffic-management).  If a client could not connect
> to a node in it's data center, it is probably indicative of the whole data
> center having issues.  We're fine with client connections to Cassandra not
> being encrypted, because our Cassandra clients are located in the same data
> centers as the nodes being queried.  It would be very valuable for internal
> Cassandra communication across the country to be encrypted.
>
> VPN solutions and their failure scenarios do not scale horizontally with
> Cassandra.  Cassandra's eventually consistent design affords it powerful
> worldwide replication use cases, and having to setup a VPN overlay network
> just to get the data transmitted securely within Cassandra seems silly when
> the nodes could handle SSL on an end-to-end basis.
>
> -Ben
>
>
> On Tue, Jul 13, 2010 at 1:28 PM, Jonathan Ellis <jbellis@gmail.com> wrote:
>
>> It's been suggested, but it's not very useful w/o having encryption
>> for Thrift as well (in case a client has to fail over to the
>> cross-country Cassandra nodes).  So using a secure VPN makes the most
>> sense to me.
>>
>> On Tue, Jul 13, 2010 at 12:02 PM, Ben Standefer <ben@simplegeo.com>
>> wrote:
>> > Are there any plans or talks of adding SSL/encryption support between
>> > Cassandra nodes?  This would make setting up secure cross-country
>> Cassandra
>> > clusters much easier, without having to setup a secure overlay network.
>> >  MySQL supports this in it's replication.
>> >
>> > -Ben
>> >
>> >
>> > On Mon, Jul 12, 2010 at 11:23 PM, Michael Pearson <mjpearson@gmail.com>
>> > wrote:
>> >>
>> >> Hey Stu,
>> >>
>> >>  I've been using 0.6.3's SimpleAuthenticator without a hitch (just
>> >> had to figure out the daemon args
>> >> -Dpasswd.properties=conf/passwd.properties
>> >> -Daccess.properties=conf/access.properties) - why do you ask?
>> >>
>> >> -michael
>> >>
>> >> --
>> >> http://www.github.com/mjpearson
>> >> http://www.linkedin.com/in/mjpearson
>> >>
>> >>
>> >> On Mon, Jul 12, 2010 at 2:32 PM, Stu Hood <stu.hood@rackspace.com>
>> wrote:
>> >> > Hello out there,
>> >> >
>> >> > If you are running Cassandra 0.6.*, and are using Cassandra's
>> >> > authentication (IAuthenticator/SimpleAuthenticator), I'd love to hear
>> about
>> >> > it!
>> >> >
>> >> > Thanks,
>> >> >
>> >> > Stu Hood
>> >> > @stuhood
>> >> > Architecture Software Developer
>> >> > Rackspace Hosting
>> >> >
>> >> >
>> >
>> >
>>
>>
>>
>> --
>> Jonathan Ellis
>> Project Chair, Apache Cassandra
>> co-founder of Riptano, the source for professional Cassandra support
>> http://riptano.com
>>
>
>

Mime
View raw message