Securing internal transactional node connections

Node-to-node (internode) encryption protects data transferred between nodes in a cluster using SSL (Secure Sockets Layer). For information about generating SSL certificates, see Setting up SSL certificates.

OpsCenter Lifecycle Manager can configure DataStax Enterprise clusters to use node-to-node encryption and automates the process of preparing server certificates using an internal certificate authority and deploys the resulting keystore and truststore to each node automatically.

Procedure

To enable node-to-node SSL encryption:

Set the server_encryption_options in the cassandra.yaml file on each node:
- internode_encryption: Encrypts traffic between nodes, options: none, all, dc, or rack.
- keystore: Relative path from DSE installation directory or absolute path to the keystore file.
- keystore_password: Password to access the keystore.
- truststore: Relative path from DSE installation directory or absolute path to truststore file.
- truststore_password: Password to access truststore.
- require_client_auth: Enable two way encryption. After enabling you must configure clients, such as nodetool and cqlsh to use SSL.
- require_endpoint_verification: Optional, verify the connected node’s IP address matches the certificate.
To encrypt the truststore and keystore passwords with KMIP, see Encrypting table data.
```
server_encryption_options:
   internode_encryption: **all**
   keystore: **resources/dse/conf/keystore.jks**
   keystore_password: **myPassKey**
   truststore: **resources/dse/conf/truststore.jks**
   truststore_password: **truststorePass**
   require_client_auth: **true**
   require_endpoint_verification: **true**
```
Restart DSE.

Securing internal transactional node connections

Procedure

Was this helpful?

Give Feedback