Using DSE Advanced Replication
Operations including starting, stopping, and configuring DSE Advanced Replication.
Starting DSE Advanced Replication
|
If you are using Advanced Replication V1 from DSE 5.0, you must upgrade to DSE 5.1 and migrate to Advanced Replication V2. |
Before you can start and use DSE Advanced Replication, you must create the user keyspaces and tables on the source cluster and the destination cluster.
On all nodes in the source cluster:
-
Enable replication in the
dse.yamlfile.Uncomment all
advanced_replication_optionsentries, setenabled: true, and specify a directory to hold advanced replication log files withadvanced_replication_directory:# Advanced Replication configuration settings advanced_replication_options: enabled: true advanced_replication_directory: /var/lib/cassandra/advrep -
Enable Capture-Data-Change (CDC) in the
cassandra.yamlfile on a per-node basis for each source:cdc_enabled: true cdc_raw_directory: /var/lib/cassandra/cdc_rawAdvanced Replication does not start if CDC is not enabled. Either use the default directory or change it to a preferred location.
-
Consider increasing the default CDC disk space, depending on the load (default: 4096 MB or 1/8 of the total space where
cdc_raw_directoryresides):cdc_total_space_in_mb: 16384 -
Commitlogcompression is turned off by default. To avoid problems with advanced replication, this option should NOT be used:# commitlog_compression: # - class_name: LZ4Compressor -
Do a rolling restart: restart the nodes in the source cluster one at a time while the other nodes continue to operate online.
Disabling DSE Advanced Replication
When replication is not enabled, data is not written to the replication log. On all nodes in the source cluster:
-
To disable replication, edit the
dse.yamlfile.In the
advanced_replication_optionssection, setenabled: false.# Advanced Replication configuration settings advanced_replication_options: enabled: false -
Do a rolling restart: restart the nodes in the source cluster one at a time while the other nodes continue to operate online.
-
To clean out the data that was used for DSE Advanced Replication, use
cqlshto remove these keyspaces:DROP TABLE dse_system.advrep_source_config; DROP TABLE dse_system.advrep_destination_config; DROP TABLE dse_system.advrep_repl_channel_config; DROP KEYSPACE dse_advrep;
Configuring global configuration settings
Global settings apply to the entire source cluster.
These global settings are stored in the CQL table dse_system.advrep_source_config that is automatically created.
Change global settings by using the dse advrep command line tool with this syntax:
dse advrep conf ...To view the source node configuration settings:
-
command
-
Result
dse advrep conf list-----------------------------------
|name |value |
-----------------------------------
|audit_log_file |/tmp/myaudit.gz|
-----------------------------------
|audit_log_enabled|true |
-----------------------------------The following table describes the configuration keys, their default values, and identifies when a restart of the source node is required for the change to be recognized.
The dse advrep command line tool uses these configuration keys as command arguments to the dse advrep command line tool.
| Configuration key | Default value | Description | Restart required |
|---|---|---|---|
permits |
30,000 |
Maximum number of messages that can be replicated in parallel over all destinations. |
No |
|
N/A |
Identifies this source cluster and all inserts from this cluster.
The |
No |
|
N/A |
||
|
5 |
The number of files which are open in the ingestor simultaneously. |
Yes |
|
60 seconds |
The time period in seconds for each data block ingested. Smaller time widths => more files. Larger timer widths => larger files but more data to resend on CRC mismatches. |
Yes |
|
|
Select one of these logging strategies to adopt when an invalid message is discarded: * * * See Managing invalid messages. Requires node restart. |
No |
|
false |
Specifies whether to store the audit log. |
Yes |
|
|
Specifies the file name prefix template for the audit log file.
The file name is appended with |
Yes |
|
0 |
Specifies the maximum lifetime of audit log files. Periodically, when log files are rotated, audit log files are purged when they: * Match the audit log file template * And they have not been written to for more than the specified maximum lifespan minutes To disable purging, set to 0. |
Yes |
|
60 |
Specifies the time interval to rotate the audit log file.
On rotation, the rotated file is appended with the log counter |
Yes |
Configuring destination settings
A destination is a location to which source data will be written.
Destinations are stored in the CQL table dse_system.advrep_destination_config that is automatically created.
Change destination settings by using the dse advrep command line tool with this syntax:
dse advrep destination ...You can verify the channel configuration before you change it. For example:
-
command
-
Result
dse advrep destination list-conf--------------------------------------------------------------------------------------------
|destination|name |value |
--------------------------------------------------------------------------------------------
|mydest |driver_ssl_enabled |false |
--------------------------------------------------------------------------------------------
|mydest |addresses |10.200.182.251 |
--------------------------------------------------------------------------------------------
|mydest |driver_read_timeout |15000 |
--------------------------------------------------------------------------------------------
|mydest |driver_connections_max |8 |
--------------------------------------------------------------------------------------------
|mydest |source_id_column |source_id |
--------------------------------------------------------------------------------------------
|mydest |driver_connect_timeout |15000 |
--------------------------------------------------------------------------------------------
|mydest |driver_ssl_protocol |TLS |
--------------------------------------------------------------------------------------------
|mydest |driver_consistency_level |QUORUM |
--------------------------------------------------------------------------------------------
|mydest |driver_used_hosts_per_remote_dc |0 |
--------------------------------------------------------------------------------------------
|mydest |driver_allow_remote_dcs_for_local_cl|false |
--------------------------------------------------------------------------------------------
|mydest |driver_compression |lz4 |
--------------------------------------------------------------------------------------------
|mydest |driver_connections |1 |
--------------------------------------------------------------------------------------------
|mydest |driver_ssl_cipher_suites |[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,|
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, |
| | |, |
| | |TLS_RSA_WITH_AES_256_CBC_SHA256, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |SSL_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
| | |, |
| | |SSL_RSA_WITH_RC4_128_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_RC4_128_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_RC4_128_SHA, |
| | |, |
| | |SSL_RSA_WITH_RC4_128_MD5, |
| | |, |
| | |TLS_EMPTY_RENEGOTIATION_INFO_SCSV] |
--------------------------------------------------------------------------------------------
|mydest |source_id |source1 |
--------------------------------------------------------------------------------------------
|mydest |transmission_enabled |true |
--------------------------------------------------------------------------------------------
|llpdest |driver_ssl_enabled |false |
--------------------------------------------------------------------------------------------
|llpdest |addresses |10.200.177.184 |
--------------------------------------------------------------------------------------------
|llpdest |driver_read_timeout |15000 |
--------------------------------------------------------------------------------------------
|llpdest |driver_connections_max |8 |
--------------------------------------------------------------------------------------------
|llpdest |source_id_column |source_id |
--------------------------------------------------------------------------------------------
|llpdest |driver_connect_timeout |15000 |
--------------------------------------------------------------------------------------------
|llpdest |driver_ssl_protocol |TLS |
--------------------------------------------------------------------------------------------
|llpdest |driver_consistency_level |ONE |
--------------------------------------------------------------------------------------------
|llpdest |driver_used_hosts_per_remote_dc |0 |
--------------------------------------------------------------------------------------------
|llpdest |driver_allow_remote_dcs_for_local_cl|false |
--------------------------------------------------------------------------------------------
|llpdest |driver_compression |lz4 |
--------------------------------------------------------------------------------------------
|llpdest |driver_connections |1 |
--------------------------------------------------------------------------------------------
|llpdest |driver_ssl_cipher_suites |[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,|
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, |
| | |, |
| | |TLS_RSA_WITH_AES_256_CBC_SHA256, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_256_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_128_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |SSL_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, |
| | |, |
| | |TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, |
| | |, |
| | |TLS_ECDHE_RSA_WITH_RC4_128_SHA, |
| | |, |
| | |SSL_RSA_WITH_RC4_128_SHA, |
| | |, |
| | |TLS_ECDH_ECDSA_WITH_RC4_128_SHA, |
| | |, |
| | |TLS_ECDH_RSA_WITH_RC4_128_SHA, |
| | |, |
| | |SSL_RSA_WITH_RC4_128_MD5, |
| | |, |
| | |TLS_EMPTY_RENEGOTIATION_INFO_SCSV] |
--------------------------------------------------------------------------------------------
|llpdest |source_id |source1 |
--------------------------------------------------------------------------------------------
|llpdest |transmission_enabled |false |
--------------------------------------------------------------------------------------------The following table describes the configuration keys, their default values, and identifies when a restart of the source node is required for the change to be recognized.
| Configuration key | Default value | Description | Restart required | ||
|---|---|---|---|---|---|
separator |
N/A |
Field separator. |
No |
||
name |
N/A |
Name for destination (required). |
No |
||
addresses |
none |
|
No |
||
|
false |
Set to true to enable automatic failover for destination clusters with multiple datacenters.
The value of the |
Yes |
||
driver-compression |
lz4 |
The compression algorithm the DataStax Java driver uses to send data from the source to the destination. Supported values are lz4 and snappy. |
Yes |
||
|
15000 |
Time in milliseconds the DataStax Java driver waits to connect to a server. |
No |
||
|
32 |
The number of connections the DataStax Java driver creates. |
Yes |
||
|
256 |
The maximum number of connections the DataStax Java driver creates. |
Yes |
||
|
1024 |
The maximum number of requests per connection the DataStax Java driver creates. |
|||
|
|
The consistency level used by the DataStax Java driver when executing statements for replicating data to the destination.
Specify a valid DSE |
No |
||
|
N/A |
For destination clusters with multiple datacenters, you can explicitly define the name of the datacenter that you consider local. Typically, this is the datacenter that is closest to the source cluster. This value is used only for clusters with multiple data enters. |
Yes |
||
|
none |
Driver password if the destination requires a user and password to connect.
Changing the
|
Yes |
||
|
15000 |
Time in milliseconds the DataStax Java driver waits to read responses from a server. |
No |
||
|
false |
Whether SSL is enabled for connection to the destination. |
Yes |
||
|
Disable SSL for connection to the destination. |
||||
|
none |
The path to the keystore for connection to DSE when SSL client authentication is enabled. |
Yes |
||
|
none |
The keystore password for connection to DSE when SSL client authentication is enabled. |
Yes |
||
|
none |
The keystore type for connection to DSE when SSL client authentication is enabled. |
Yes |
||
|
none |
The path to the truststore for connection to DSE when SSL is enabled. |
Yes |
||
|
none |
The truststore password for connection to DSE when SSL is enabled. |
Yes |
||
|
none |
The keystore type for connection to DSE when SSL client authentication is enabled. |
Yes |
||
|
TLS |
The SSL protocol for connection to DSE when SSL is enabled. |
Yes |
||
|
none |
A comma-separated list of SSL cipher suites for connection to DSE when SSL is enabled. Cipher suites must be supported by the source machine. |
Yes |
||
|
0 |
To use automatic failover for destination clusters with multiple datacenters, you must define the number of hosts per remote datacenter that the datacenter aware round robin policy ( |
Yes |
||
|
none |
Driver username if the destination requires a user and password to connect.
Changing the |
Yes |
||
|
N/A |
Identifies this source cluster and all inserts from this cluster.
The |
No |
||
|
|
The column to use on remote tables to insert the source id as part of the update. If this column is not present on the table that is being updated, the source id value is ignored. |
No |
||
|
false |
Specify if data collector for the table should be replicated to the destination using boolean value. |
No |
Configuring channel settings
A replication channel is a defined channel of change data between source clusters and destination clusters.
A replication channel is defined by the source cluster, source keyspace, source table name, destination cluster, destination keyspace, and destination table name.
Replications for each channel (unique keyspace and table) are stored in the CQL table dse_system.advrep_repl_channel_config that is automatically created.
Change the settings using the dse advrep command line tool with this syntax:
dse advrep channel ...You can verify the channel configuration before you change it. For example:
-
command
-
Result
dse advrep channel status------------------------------------------------------------------------------------------------------------------------------------------------------
|dc |keyspace|table |collecting|transmitting|replication order|priority|dest ks|dest table |src id |src id col|dest |dest enabled|
------------------------------------------------------------------------------------------------------------------------------------------------------
|Cassandra|foo |bar |true |true |FIFO |2 |foo |bar |source1|source_id |mydest|true |
------------------------------------------------------------------------------------------------------------------------------------------------------Properties are continuously read from the metadata, so a restart is not required after configuration changes are made. The following table describes the configuration settings.
| Column name | Description |
|---|---|
separator |
Field separator. |
keyspace |
The keyspace on the source for the table to replicate. |
table |
The table name on the source to replicate. |
|
Placeholder to override the |
|
Placeholder to override the |
enabled |
If true, replication starts for this table. If false, no more messages from this table are saved to the replication log. |
|
Datacenter this replication channel is meant for, if none specified the replication happens in all specified |
destination |
Destination to which data is written. |
|
The keyspace on the destination for the replicated table. |
|
The table name on the destination for the replicated table. |
priority |
Messages are marked by priority in descending order (DESC). |
|
Specify if the data collector for the table should be replicated to the destination. |
|
Specify if the channel should be replicated in FIFO order (default). |
|
Specify if the channel should be replicated in LIFO order. |
Security
Authentication credentials can be provided in several ways, see Providing credentials from DSE tools.
The user who is doing the replicating with DSE Advanced Replication requires table and keyspace level authorization. If the same user access is required, then ensure that the authorization is the same on the source and destination clusters.
Advanced Replication also supports setting row-level permissions on the destination cluster.
The user which connects to the destination cluster must have permission to write to the specified destination table at the row level replicated from the source, according to the RLAC restrictions.
The user is specified with the --driver-user destination setting.
Row-level access control (RLAC) on the source cluster does not impact Advanced Replication.
Because Advanced Replication reads the source data at the raw CDC file layer, it essentially reads as a superuser and has access to all configured data tables.
Advanced Replication supports encrypting the driver passwords.
Driver passwords are stored in a CQL table.
By default, driver passwords are plain text.
DataStax recommends encrypting the driver passwords before you add them to the CQL table.
Create a global encryption key, called a system_key for SSTable encryption.
Each node in the source cluster must have the same system key.
The destination does not require this key.
-
In the
dse.yamlfile:-
Verify that the
config_encryption_activeproperty is false:config_encryption_active: false -
Enable driver password encryption with the
conf_driver_password_encryption_enabledproperty:conf_driver_password_encryption_enabled: true -
Define where system keys are stored on disk. The location of the key is specified on the command line with the
-doption or withsystem_key_directoryindse.yaml. The default filepath is/etc/dse/conf. -
To configure the filename of the generated encryption key, set the
config_encryption_key_nameoption indse.yaml. The default name issystem_key.
-
-
Generate a system key:
On-server:
dsetool createsystemkey <cipher_algorithm> <strength> <system_key_file>Off-server
dsetool createsystemkey <cipher_algorithm> <strength> <system_key_file> -kmip=<kmip_groupname>For example:
dsetool createsystemkey 'AES/ECB/PKCS5Padding' 128 <system_key_file>where
<system_key_file>is a unique file name for the generated system key file. Seecreatesystemkey.Result: Configure transparent data encryption (TDE) on a per table basis. You can configure encryption with or without compression. You can create a global encryption key in the location that is specified by
system_key_directoryin thedse.yamlfile. This default global encryption key is used when thesystem_key_filesubproperty is not specified. -
Copy the returned value.
-
On any node in the source cluster, use the
dsecommand to set the encrypted password in the DSE Advanced Replication environment:dse advrep destination --driver-pwd "Sa9xOVaym7bddjXUT/eeOQ==" --driver-user "username"
SSL configuration and ports
For details about SSL configuration with DSE Advanced Replication, refer to Configuring SSL for nodetool, nodesync, dsetool, and Advanced Replication.
|
Enabling client encryption will encrypt all traffic on the |
Data insert methods
There are several ways to get data into a DataStax Enterprise cluster. Any normal paths used result in data replication using DSE Advanced Replication.
Supported data insert methods:
-
CQL insert, including cqlsh and applications that use the standard DSE drivers
-
COPY TOfrom a CSV file -
Solr HTTP or CQL
-
Spark
saveToCassandra
Unsupported data insert methods:
-
sstableloader(Cassandra bulk loader) -
OpsCenter restore from backup
-
Spark
bulkSaveToCassandra
Monitoring operations
Advanced replication can be monitored with JMX metrics. The outgoing replication queue size is a key factor to watch. See Metrics for more details.
