Node-to-node encryption

Lifecycle Manager (LCM) can configure DataStax Enterprise (DSE) clusters to use node-to-node encryption. The feature is disabled by default. See Configuring SSL/TLS for DSE using LCM for step-by-step instructions for enabling internode encryption using LCM Config Profiles. To configure SSL manually and externally from LCM for DSE clusters not managed by LCM, see Configuring SSL for node-to-node connections.

When internode_encryption is enabled, Lifecycle Manager automates the process of Creating local SSL certificate and keystore files using an internal certificate authority and deploys the resulting keystore and truststore to each node automatically. To enable node-to-node encryption, select a Config Profile, click cassandra.yaml, navigate to the Security pane, and select all, dc, or rack for internode_encryption. No further action is necessary beyond running an install or configure job.

When enabling node-to-node encryption on an existing cluster, the cluster will experience a network partition during the transition, leading to temporary loss of consistency. If possible, choose whether to employ node-to-node encryption when first creating the cluster.

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2024 DataStax | Privacy policy | Terms of use

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com