Node-to-node encryption

LCM can configure DSE clusters to use internode encryption, which is disabled by default.

Lifecycle Manager (LCM) can configure DataStax Enterprise (DSE) clusters to use node-to-node encryption. The feature is disabled by default. See Configuring SSL/TLS for DSE using LCM for step-by-step instructions for enabling internode encryption using LCM Config Profiles. To configure SSL manually and externally from LCM for DSE clusters not managed by LCM, see Configuring SSL for node-to-node connections.

When internode_encryption is enabled, Lifecycle Manager automates the process of Using local SSL certificate and keystore files using an internal certificate authority and deploys the resulting keystore and truststore to each node automatically. To enable node-to-node encryption, select a Config Profile, click cassandra.yaml, navigate to the Security pane, and select all, dc, or rack for internode_encryption. No further action is necessary beyond running an install or configure job.

Important: When enabling node-to-node encryption on an existing cluster, the cluster will experience a network partition during the transition, leading to temporary loss of consistency. If possible, choose whether to employ node-to-node encryption when first creating the cluster.