Hyper-Converged Database (HCD) security checklists
Hyper-Converged Database (HCD) Security is a comprehensive feature suite that fortifies HCD databases against potential harm due to deliberate attack or user error. It includes advanced mechanisms for authentication and authorization, encryption of data in flight and at rest, and data auditing. In addition, HCD is compatible with various partner security solutions to meet industry-specific requirements and other advanced requirements.
HCD Security leverages enterprise standards to integrate cohesively with existing technology such as Active Directory (AD), Lightweight Directory Access Protocol (LDAP), OpenID Connect (OIDC), Public Key Infrastructure (PKI), and Key Management Interoperability Protocol (KMIP).
HCD includes advanced data protection for enterprise-grade databases:
| Feature | Database |
|---|---|
| Authentication (Internal, LDAP, OIDC) | Yes |
| Authorization (RBAC) | Yes |
| | Yes |
| | Yes |
| | Yes |
| | Yes |
HCD Security features are designed to work together to provide comprehensive protection. Implementing multiple security layers provides defense in depth.
Security implementation guide
This section provides a detailed guide to implementing HCD security features.
Authentication and authorization
- Enable authentication: Configure HCD to require user authentication.
- Choose authentication scheme: Select from internal, LDAP, or OIDC.
- Set up role-based access control: Define roles and assign appropriate permissions.
- Configure audit logging: Monitor database activities for security compliance.
Encryption
- Client-to-node encryption: Secure connections between clients and database nodes.
- Node-to-node encryption: Secure internode communication.
- Transparent data encryption: Encrypt data at rest on disk.
- Key management: Use KMIP or local key management for encryption keys.
Network security
- Firewall configuration: Restrict access to database ports.
- Network segmentation: Isolate database nodes in secure network segments.
- SSL/TLS certificates: Use valid certificates for encrypted connections.
- Port security: Only open necessary ports for database operations.
Monitoring and compliance
- Audit logging: Track all database activities.
- Security monitoring: Monitor for suspicious activities.
- Compliance reporting: Generate reports for regulatory requirements.
- Incident response: Have procedures for security incidents.
- Database security checklist
- Secure transactional nodes using HCD security features.