cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Marino <ch...@vcider.com>
Subject Client traffic encryption best practices....
Date Thu, 11 Aug 2011 21:54:25 GMT
Hello, is there any consensus on how to secure client/cluster
communications???

I'm running an 8 node cluster across EC2 regions.  I'm running inter-node
encryption and I want to encrypt the traffic from the clients as well.

My options seem to be:

Have the client connect to only one node and encrypt that one connection
with OpenVPN/stunnel (or something similar). Or, set up an encrypted tunnel
from the client to each node. Is there a client library that could take care
of this for me??

Setting up tunnels to each node is a major pain, but pointing the client to
only one node is going to kill my performance.  I'm running 4 nodes in each
EC2 region with one client in each. Maybe I could connect the client only to
the local nodes, which should simplify things a bit, but I was wondering if
anyone had any experience with this or could suggest something that might be
better.

Please let me know.
Thanks.
CM

Mime
View raw message