Secure Mission Control infrastructure
Mission Control enables authentication and authorization by default. Mission Control encrypts the user interface and all communication between operators and nodes using mutual Transport Layer Security (TLS).
For configuration details, see Configure authentication.
Secure the Mission Control UI
Secure the Mission Control UI and its REST API through an Identity-provider connector. Mission Control supports authentication through OpenLDAP or OpenID connectors:
Define a single admin user during the Mission Control installation configuration step.
Secure database clusters
To secure your database clusters, you can manage authentication and database credentials, and encrypt data at rest and in transit.
Manage authentication and credentials
Mission Control creates K8ssandra clusters. Mission Control enables authentication and authorization by default.
Rotate superuser credentials
You can rotate the superuser credentials by updating the corresponding secret directly. Mission Control detects the change and updates the credentials in the HCD, DSE, or Cassandra cluster.
Data encryption
You can enable encryption for both data-in-transit and data-at-rest:
Enable encryption for data moving between components:
-
Internode encryption: Encrypts communication between database nodes.
-
Client to node encryption: Encrypts communication between clients and database nodes.
Enable encryption for stored data:
-
Transparent Data Encryption (TDE): Encrypts data files on disk.