ignite-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dmitriy Setrakyan <dsetrak...@apache.org>
Subject Re: Securing Ignite
Date Thu, 30 Jul 2015 19:39:26 GMT
On Thu, Jul 30, 2015 at 7:37 AM, Aleksei Valikov <aleksei.valikov@gmail.com>

> Hi,
> I'm considering Apache Ignite for a distributed computing application. I
> have a question about security.
> We'll have a central node which will run all the time (the application
> server) and a number of nodes which will join/leave the cluster in the
> runtime (we'll use AWS to add new computing resources on demand). I guess
> we'll need to use the static IP-based discovery for this scenario.

Either static IP [1] or AWS-based discovery [2].

[1] -
[2] - https://apacheignite.readme.io/docs/aws-config

> I've found the following post:
> http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/
> This is a step into the right direction. However, whitelisting IPs is not
> an option in case of dynamic IP addresses (which we probably have in AWS).
> So I'd like to ask for advice on how to secure the Ignite cluster, for
> instance with some pre-shared secret. Is there any support for this OOTB?

I think you will need to provide your own plugin provider, just like the
blog post describes. However, instead of whitelisting IPs, you implement
your GridSecurityProcessor with your own implementation of
authenticateNode() method.

You can implement it as you like, e.g. check username/password or
authenticate a client or a node against an LDAP server or anything of the

> Many thanks and best wishes,
> Alexey

View raw message