incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Hanna <jeremy.hanna1...@gmail.com>
Subject Re: Client traffic encryption best practices....
Date Fri, 12 Aug 2011 14:39:02 GMT
Yes - that ticket was done by Nirmal Ranganathan for the intention of getting support in Cassandra.
 That's just for a java client though.

In the future, I wonder if the CQL driver level is the right place for client encryption.

On Aug 11, 2011, at 11:26 PM, Vijay wrote:

> https://issues.apache.org/jira/browse/THRIFT-106 seems to be the right way to go....
but the cassandra server needs to support too which we might want to add....
> 
> Regards,
> </VJ>
> 
> 
> 
> On Thu, Aug 11, 2011 at 2:54 PM, Chris Marino <chris@vcider.com> wrote:
> Hello, is there any consensus on how to secure client/cluster communications???
> 
> I'm running an 8 node cluster across EC2 regions.  I'm running inter-node encryption
and I want to encrypt the traffic from the clients as well.
> 
> My options seem to be:
> 
> Have the client connect to only one node and encrypt that one connection with OpenVPN/stunnel
(or something similar). Or, set up an encrypted tunnel from the client to each node. Is there
a client library that could take care of this for me??
> 
> Setting up tunnels to each node is a major pain, but pointing the client to only one
node is going to kill my performance.  I'm running 4 nodes in each EC2 region with one client
in each. Maybe I could connect the client only to the local nodes, which should simplify things
a bit, but I was wondering if anyone had any experience with this or could suggest something
that might be better.
> 
> Please let me know.
> Thanks.
> CM
> 


Mime
View raw message