Security management
DataStax Enterprise includes advanced data protection for enterprise-grade databases including internal authentication, object permissions, encryption, Kerberos authentication, and data auditing.
DataStax Enterprise 4.0 includes advanced data protection for enterprise-grade databases:
- Internal authentication using login accounts and passwords
- Managing object permissions using internal authorization based on the GRANT/REVOKE paradigm
- Client-to-node encryption using SSL for data going from the client to the Cassandra cluster
- Node to node encryption using SSL for data between nodes
- Kerberos authentication for nodes to communication over a non-secure network by proving their identity to one another in a secure manner using tickets
- Configuring and using data auditing for an administrator to use to create detailed audit trails of cluster activity
- Transparent data encryption that transparently encodes data flushed from the memtable in system memory to the SSTables on disk (at rest data), making the at rest data unreadable by unauthorized users
The TCP-communications layer for Solr supports client-to-node and node-to-node encryption using SSL, but does not support Kerberos.
The DataStax Java Driver 2.0 and DataStax C# Driver, available on the DataStax web site, enables Kerberos support and also SSL for client/server communication.
Limitations
Assuming you configure security features, this table describes exactly which data is secured (or not) based on the workload type: real-time Cassandra (DSE/Cassandra), analytics (Hadoop), and DSE/Search (Solr).
| Feature | DSE/Cassandra | Hadoop | Solr |
|---|---|---|---|
| Internal authentication | Yes | Yes | No |
| Object permission management | Yes | Partial [1] | Partial [1] |
| Client to node encryption | Yes [2] | Yes [3] | Yes [4] |
| Kerberos authentication | Yes [5] | Yes | Yes |
| Transparent data encryption | Yes [6] | Yes | Partial [7] |
| Data auditing | Yes | Partial [8] | Full |
[1] Permissions to access objects stored in Cassandra are checked. The Solr cache and indexes and the Hadoop cache are not under control of Cassandra, and therefore are not checked. You can, however, set up permission checks to occur on tables that store Hadoop or Solr data.
[2] The inter-node gossip protocol is protected using SSL.
[3] The Thrift interface between Hadoop and the Cassandra File System (CFS) is SSL-protected. Inter-tracker communication is Kerberos authenticated, but not SSL secured. Hadoop access to Cassandra is SSL- and Kerberos-protected.
[4] HTTP access to the DSE Search/Solr data is protected using SSL. Node-to-node encryption using SSL protects internal Solr communication.
[5] The inter-node gossip protocol is not authenticated using Kerberos. Node-to-node encryption using SSL can be used.
[6] Cassandra commit log data is not encrypted, only at rest data is encrypted.
[7] Data in DSE/Search Solr tables is encrypted by Cassandra. Encryption has a slight performance impact, but ensures the encryption of original documents after Cassandra permanently stores the documents on disk. However, Solr cache data and Solr index data (metadata) is not encrypted.
[8] Hadoop data auditing is done at the Cassandra access level, so requests to access Cassandra data is audited. Full Solr auditing is done. Node-to-node encryption using SSL protects communication over inter-node gossip protocol.
Using Kerberos and SSL at the same time
Both the Kerberos and SSL libraries provide authentication, encryption, and integrity protection:
- Kerberos - If you enable Kerberos authentication, integrity protection is also enabled. However, you can enable integrity protection without encryption.
- SSL - If you use SSL, authentication, integrity protection, and encryption are all enabled or disabled.
- Kerberos and SSL - It is possible to enable both Kerberos authentication and SSL together. However, this causes some overlap because authentication is performed twice by two different schemes: Kerberos authentication and certificates through SSL. DataStax recommends choosing one and using it for both encryption and authentication. These settings are described in the dse.yaml configuration file.
Securing DSE Search services
The security table summarizes the security features of DSE Search/Solr and other integrated components. DSE Search data is completely or partially secured by using these DataStax Enterprise security features:
-
Managing object permissions using internal authorization
Access to Solr documents, excluding cached data, can be limited to users who have been granted access permissions. Permission management also secures tables used to store Solr data.
-
Data at rest in Cassandra tables, excluding cached and Solr-indexed data, can be encrypted. Encryption occurs on the Cassandra side and impacts performance slightly.
-
You can encrypt HTTP access to Solr data and internal, node-to-node Solr communication using SSL. Enable SSL node-to-node encryption on the Solr node by setting encryption options in the dse.yaml file as described in Client-to-node encryption.
-
You can authenticate DSE Search users through Kerberos authentication using Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO).
You can also use HTTP Basic Authentication, but this is not recommended.
sstableloader security options
In DataStax Enterprise 4.0, the procedure for securing sstableloader has changed slightly from previous releases.