Jump to main content
  • Support
  • Academy
  • DataStax Home
DataStax Logo
  • Glossary
  • Blog
  • Drivers
  • Community
  • Resources
  • world icon
  • Get Started
DataStax Enterprise 5.0 (EOSL)
  • About DSE 5.0
  • New features
  • Release notes
  • DSE Graph
  • Installing
  • Configuration
  • Analytics, Search, Management services
  • Initializing a cluster
  • Administration

Search other guides

  1. Home
  2. Configuration

    Information about configuring DataStax Enterprise, including using virtual nodes; setting up security; storing and accessing data exclusively from memory; setting up distributed data replication from remote clusters; running multiple DataStax Enterprise nodes on a single host machine, and automating the movement of data across different types of storage media.

  3. DSE Advanced Security

    DataStax Enterprise includes advanced data protection for enterprise-grade databases including DSE Unified Authentication, object permissions, encryption, and data auditing. The DSE Unified Authenticator provides authentication using any combination of internal Cassandra password authentication, LDAP pass-through authentication, and Kerberos authentication.

  4. Encrypting data

    DataStax Enterprise supports encryption for in-flight data and at-rest data.

  • Configuration

    Information about configuring DataStax Enterprise, including using virtual nodes; setting up security; storing and accessing data exclusively from memory; setting up distributed data replication from remote clusters; running multiple DataStax Enterprise nodes on a single host machine, and automating the movement of data across different types of storage media.

    • dse.yaml configuration file

      Primary DataStax Enterprise configuration file.

    • Virtual node (vnode) configuration

      A description of virtual nodes (vnodes) and how to use them in different types of datacenters. Also steps for disabling vnodes.

    • DSE Advanced Security

      DataStax Enterprise includes advanced data protection for enterprise-grade databases including DSE Unified Authentication, object permissions, encryption, and data auditing. The DSE Unified Authenticator provides authentication using any combination of internal Cassandra password authentication, LDAP pass-through authentication, and Kerberos authentication.

      • About security management

        An overview of DataStax Enterprise security.

      • Securing DSE Graph

        DSE Graph data is completely or partially secured by using DataStax Enterprise security features.

      • Securing Spark

        Information about Spark security and steps to configure DataStax Enterprise security for Spark.

      • Securing DSE Search

        DSE Search data is completely or partially secured by using DataStax Enterprise security features.

      • Security FAQs

        Frequently asked questions about DSE Advanced Security.

      • Encrypting data

        DataStax Enterprise supports encryption for in-flight data and at-rest data.

        • Configuring encryption

          Steps to configure DataStax Enterprise encryption for in-flight data and at-rest data.

        • About Transparent Data Encryption

          Protects sensitive at-rest data stored in configuration files and in database tables.

        • Encrypting sensitive property values

          Encrypting sensitive properties in the dse.yaml and cassandra.yaml configuration files.

        • Configuring encryption per table (TDE)

          Configure transparent data encryption (TDE) on a per table basis. You can configure encryption with or without compression.

        • Client-to-node encryption using SSL

          Client-to-node encryption protects data in flight from client machines to a database cluster using SSL. It establishes a secure channel between the client and the coordinator node.

        • Node-to-node encryption using SSL

          Node-to-node (internode) encryption protects data that is transferred between nodes in a cluster using SSL.

        • Setting up SSL for nodetool, dsetool, and dse advrep

          Using nodetool, dsetool, and dse advrep with SSL encryption.

        • Server certificates for SSL encryption

          All nodes require relevant SSL certificates. Steps to generate SSL certificates for client-to-node encryptions or node-to-node encryption.

        • Spark SSL encryption with SSL

          Communication between Spark clients and clusters as well as communication between Spark nodes can be encrypted using SSL.

        • DSE Search encryption

          DSE Search index encryption shares the setup with Cassandra SSTable encryption.

        • Encrypting using local encryption keys

          To encrypt data using encryption keys that are stored locally, use the dse command to create a system key for encryption.

        • Encrypting using off-server encryption keys

          Configure KMIP (Key Management Interoperability Protocol) encryption to use encryption keys that are stored on another server.

        • Rekeying existing data

          Create a new local encryption key, change the table key filename, and re-encrypt the SSTables using the new key.

        • Migrating encrypted tables from earlier versions

          Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.

      • DSE Unified Authentication

        Documentation on configuring and using multiple, and different, authentication schemes simultaneously on a DataStax Enterprise cluster.

      • Authenticating with internal Cassandra password authentication

        DSE Unified Authentication works with internal Cassandra password authentication.

      • RPCs over Cassandra native protocol

        Steps to configure RPC permissions for external clients.

      • LDAP authentication

        LDAP authentication support for external LDAP services.

      • Authenticating with Kerberos

        DataStax Enterprise authentication with Kerberos protocol uses tickets to prove identity for nodes that communicate over non-secure networks.

      • Using cqlsh with Kerberos/SSL

        Configuration steps to use cqlsh with Kerberos and SSL.

      • Configuring firewall ports

        If a firewall runs on the nodes in the Cassandra or DataStax Enterprise cluster, open up ports to allow communication between the nodes.

      • Enabling data auditing

        Steps to enable data auditing in DataStax Enterprise.

      • Configuring keyspace replication

        The system_auth and dse_security keyspaces store security authentication and authorization information.

      • Making /tmp non-executable

        Increase security by mounting /tmp as non-executable.

      • Securing the sstableloader in an unsecure environment

        Steps (for a development environment) to configure the sstableloader (Cassandra bulk loader) with Kerberos or SSL.

    • DSE In-Memory

      DataStax Enterprise includes DSE In-Memory for storing data to and accessing data exclusively from memory.

    • DSE Advanced Replication

      Documentation for configuring and using one-way distributed data replication.

    • DSE Multi-Instance

      Documentation for running multiple DataStax Enterprise nodes on a single host machine.

    • DSE Tiered Storage

      Documentation for automating smart data movement across different types of storage media.

    • Changing logging locations

      Changing logging locations after installation.

Encrypting data

DataStax Enterprise supports encryption for in-flight data and at-rest data.

DataStax Enterprise supports encryption for in-flight data (node-to-node and client-to-node) and at-rest data.

  • DSE Analytics
    • Spark SSL encryption with SSL.
    • Securing Spark
  • DSE Search
    • Securing DSE Search
    • DSE Search encryption, including encrypting DSE Search indexes
  • Configuring encryption
    Steps to configure DataStax Enterprise encryption for in-flight data and at-rest data.
  • About Transparent Data Encryption
    Protects sensitive at-rest data stored in configuration files and in database tables.
  • Encrypting sensitive property values
    Encrypting sensitive properties in the dse.yaml and cassandra.yaml configuration files.
  • Configuring encryption per table (TDE)
    Configure transparent data encryption (TDE) on a per table basis. You can configure encryption with or without compression.
  • Client-to-node encryption using SSL
    Client-to-node encryption protects data in flight from client machines to a database cluster using SSL. It establishes a secure channel between the client and the coordinator node.
  • Node-to-node encryption using SSL
    Node-to-node (internode) encryption protects data that is transferred between nodes in a cluster using SSL.
  • Setting up SSL for nodetool, dsetool, and dse advrep
    Using nodetool, dsetool, and dse advrep with SSL encryption.
  • Preparing server certificates for SSL encryption
    All nodes require relevant SSL certificates. Steps to generate SSL certificates for client-to-node encryptions or node-to-node encryption.
  • Spark SSL encryption with SSL
    Communication between Spark clients and clusters as well as communication between Spark nodes can be encrypted using SSL.
  • DSE Search encryption
    DSE Search index encryption shares the setup with Cassandra SSTable encryption.
  • Encrypting using local encryption keys
    To encrypt data using encryption keys that are stored locally, use the dse command to create a system key for encryption.
  • Encrypting using off-server encryption keys
    Configure KMIP (Key Management Interoperability Protocol) encryption to use encryption keys that are stored on another server.
  • Rekeying existing data
    Create a new local encryption key, change the table key filename, and re-encrypt the SSTables using the new key.
  • Migrating encrypted tables from earlier versions
    Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.

Contact Us

+1 (650) 389-6000

info@datastax.com

© DataStax | Privacy policy | Terms of use | Updated: 09 December 2019

Build time: 2019-12-09 10:25:35.447

DataStax, Titan, and TitanDB are registered trademark of DataStax, Inc. and its subsidiaries in the United States and/or other countries.

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries.