tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mitch Claborn <mitch...@claborn.net>
Subject Clustering considerations - single server, multiple Tomcat instances - in the cloud
Date Mon, 17 Apr 2017 21:59:39 GMT
I'm trying to think through the security implications of this 
configuration: a single cloud server (Digital Ocean) with 2 Tomcat 8.5 
instances in a cluster, for session replication.

I can bind the Receiver element to 127.0.0.1, which I think should 
protect the actual session data from prying eyes. Is that accurate?

The multicast-based Membership element seems to be more of a risk. I 
really like the convenience of the mutlicast setup, but is that a 
security risk? Should I go with static membership instead?

I found this discussion of static membership,but it is a bit old.  Does 
anyone know of a more recent doc? 
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2009794

Are there other security considerations that I'm not thinking of?


-- 

Mitch

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message