• HOME
  • ACADEMY
  • DOCS
CONTACT US DOWNLOAD DATASTAX Download DataStax
DataStax Logo
  • GLOSSARY
  • SUPPORT
  • DATASTAX BLOG
  • DRIVERS
  • world icon
DataStax Enterprise 5.0 (Earlier version)
  • About DSE 5.0
  • New features
  • Release notes
  • DSE Graph
  • Installing
  • Configuration
  • Analytics, Search, Management services
  • Initializing a cluster
  • Administration
  • Home
  • Academy
  • Docs home
  • Contact us
  • Download DataStax
  • Glossary
  • Support
  • Developer blogs
Search tips

Search other guides

  1. Home
  2. Configuration

    Information about configuring DataStax Enterprise, including using virtual nodes; setting up security; storing and accessing data exclusively from memory; setting up distributed data replication from remote clusters; running multiple DataStax Enterprise nodes on a single host machine, and automating the movement of data across different types of storage media.

  3. DSE Advanced Security

    DataStax Enterprise includes advanced data protection for enterprise-grade databases including DSE Unified Authentication, object permissions, encryption, and data auditing. The DSE Unified Authenticator provides authentication using any combination of internal Cassandra password authentication, LDAP pass-through authentication, and Kerberos authentication.

  4. Encrypting data

    DataStax Enterprise supports encryption for in-flight data and at-rest data.

  • Configuration

    Information about configuring DataStax Enterprise, including using virtual nodes; setting up security; storing and accessing data exclusively from memory; setting up distributed data replication from remote clusters; running multiple DataStax Enterprise nodes on a single host machine, and automating the movement of data across different types of storage media.

    • dse.yaml configuration file

      Primary DataStax Enterprise configuration file.

    • Virtual node (vnode) configuration

      A description of virtual nodes (vnodes) and how to use them in different types of datacenters. Also steps for disabling vnodes.

    • DSE Advanced Security

      DataStax Enterprise includes advanced data protection for enterprise-grade databases including DSE Unified Authentication, object permissions, encryption, and data auditing. The DSE Unified Authenticator provides authentication using any combination of internal Cassandra password authentication, LDAP pass-through authentication, and Kerberos authentication.

      • About security management

        An overview of DataStax Enterprise security.

      • Securing DSE Graph

        DSE Graph data is completely or partially secured by using DataStax Enterprise security features.

      • Securing Spark

        Information about Spark security and steps to configure DataStax Enterprise security for Spark.

      • Securing DSE Search

        DSE Search data is completely or partially secured by using DataStax Enterprise security features.

      • Security FAQs

        Frequently asked questions about DSE Advanced Security.

      • Encrypting data

        DataStax Enterprise supports encryption for in-flight data and at-rest data.

        • Configuring encryption

          Steps to configure DataStax Enterprise encryption for in-flight data and at-rest data.

        • About Transparent Data Encryption

          Protects sensitive at-rest data stored in configuration files and in database tables.

        • Encrypting sensitive property values

          Encrypting sensitive properties in the dse.yaml and cassandra.yaml configuration files.

        • Configuring encryption per table (TDE)

          Configure transparent data encryption (TDE) on a per table basis. You can configure encryption with or without compression.

        • Client-to-node encryption using SSL

          Client-to-node encryption protects data in flight from client machines to a database cluster using SSL. It establishes a secure channel between the client and the coordinator node.

        • Node-to-node encryption using SSL

          Node-to-node (internode) encryption protects data that is transferred between nodes in a cluster using SSL.

        • Setting up SSL for nodetool, dsetool, and dse advrep

          Using nodetool, dsetool, and dse advrep with SSL encryption.

        • Server certificates for SSL encryption

          All nodes require relevant SSL certificates. Steps to generate SSL certificates for client-to-node encryptions or node-to-node encryption.

        • Spark SSL encryption with SSL

          Communication between Spark clients and clusters as well as communication between Spark nodes can be encrypted using SSL.

        • DSE Search encryption

          DSE Search index encryption shares the setup with Cassandra SSTable encryption.

        • Encrypting using local encryption keys

          To encrypt data using encryption keys that are stored locally, use the dse command to create a system key for encryption.

        • Encrypting using off-server encryption keys

          Configure KMIP (Key Management Interoperability Protocol) encryption to use encryption keys that are stored on another server.

        • Rekeying existing data

          Create a new local encryption key, change the table key filename, and re-encrypt the SSTables using the new key.

        • Migrating encrypted tables from earlier versions

          Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.

      • DSE Unified Authentication

        Documentation on configuring and using multiple, and different, authentication schemes simultaneously on a DataStax Enterprise cluster.

      • Authenticating with internal Cassandra password authentication

        DSE Unified Authentication works with internal Cassandra password authentication.

      • RPCs over Cassandra native protocol

        Steps to configure RPC permissions for external clients.

      • LDAP authentication

        LDAP authentication support for external LDAP services.

      • Authenticating with Kerberos

        DataStax Enterprise authentication with Kerberos protocol uses tickets to prove identity for nodes that communicate over non-secure networks.

      • Using cqlsh with Kerberos/SSL

        Configuration steps to use cqlsh with Kerberos and SSL.

      • Configuring firewall ports

        If a firewall runs on the nodes in the Cassandra or DataStax Enterprise cluster, open up ports to allow communication between the nodes.

      • Enabling data auditing

        Steps to enable data auditing in DataStax Enterprise.

      • Configuring keyspace replication

        The system_auth and dse_security keyspaces store security authentication and authorization information.

      • Making /tmp non-executable

        Increase security by mounting /tmp as non-executable.

      • Securing the sstableloader in an unsecure environment

        Steps (for a development environment) to configure the sstableloader (Cassandra bulk loader) with Kerberos or SSL.

    • DSE In-Memory

      DataStax Enterprise includes DSE In-Memory for storing data to and accessing data exclusively from memory.

    • DSE Advanced Replication

      Documentation for configuring and using one-way distributed data replication.

    • DSE Multi-Instance

      Documentation for running multiple DataStax Enterprise nodes on a single host machine.

    • DSE Tiered Storage

      Documentation for automating smart data movement across different types of storage media.

    • Changing logging locations

      Changing logging locations after installation.

Encrypting data

DataStax Enterprise supports encryption for in-flight data and at-rest data.

DataStax Enterprise supports encryption for in-flight data (node-to-node and client-to-node) and at-rest data.

  • DSE Analytics
    • Spark SSL encryption with SSL.
    • Securing Spark
  • DSE Search
    • Securing DSE Search
    • DSE Search encryption, including encrypting DSE Search indexes
  • Configuring encryption
    Steps to configure DataStax Enterprise encryption for in-flight data and at-rest data.
  • About Transparent Data Encryption
    Protects sensitive at-rest data stored in configuration files and in database tables.
  • Encrypting sensitive property values
    Encrypting sensitive properties in the dse.yaml and cassandra.yaml configuration files.
  • Configuring encryption per table (TDE)
    Configure transparent data encryption (TDE) on a per table basis. You can configure encryption with or without compression.
  • Client-to-node encryption using SSL
    Client-to-node encryption protects data in flight from client machines to a database cluster using SSL. It establishes a secure channel between the client and the coordinator node.
  • Node-to-node encryption using SSL
    Node-to-node (internode) encryption protects data that is transferred between nodes in a cluster using SSL.
  • Setting up SSL for nodetool, dsetool, and dse advrep
    Using nodetool, dsetool, and dse advrep with SSL encryption.
  • Preparing server certificates for SSL encryption
    All nodes require relevant SSL certificates. Steps to generate SSL certificates for client-to-node encryptions or node-to-node encryption.
  • Spark SSL encryption with SSL
    Communication between Spark clients and clusters as well as communication between Spark nodes can be encrypted using SSL.
  • DSE Search encryption
    DSE Search index encryption shares the setup with Cassandra SSTable encryption.
  • Encrypting using local encryption keys
    To encrypt data using encryption keys that are stored locally, use the dse command to create a system key for encryption.
  • Encrypting using off-server encryption keys
    Configure KMIP (Key Management Interoperability Protocol) encryption to use encryption keys that are stored on another server.
  • Rekeying existing data
    Create a new local encryption key, change the table key filename, and re-encrypt the SSTables using the new key.
  • Migrating encrypted tables from earlier versions
    Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.

© DataStax, Inc. All rights reserved. Updated: 2018-08-17

Build time: 2018-08-17 12:04:20.567

DataStax, Titan, and TitanDB are registered trademark of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache Cassandra, Apache, Tomcat, Lucene, Solr, Hadoop, Spark, TinkerPop, and Cassandra are trademarks of the or its subsidiaries in Canada, the United States and/or other countries.

Privacy policy | Terms of use