Search tips
Lists of security measures required for protecting a DataStax Enterprise database.
Database security checklist
Secure transactional nodes using DataStax Enterprise security features.
Search security checklist
Securing DSE Search.
Analytics security checklist
Securing DSE Analytics.
Graph security checklist
Secure DSE Graph data completely or partially using DataStax Enterprise security features.
To fully protect your data, ensure that your network is secure and temporary files are secure.
Securing ports
Lock down all unnecessary ports, and create IP security rules that allow internode and client communications.
Securing the TMP directory
Map JNA to a different executable directory before mounting the TMP directory with the noexe flag.
Configure role based access control and set up permissions on database resources.
Configuring authentication and authorization
Detailed steps to enabled authentication and authorization in a DataStax Enterprise environment.
Managing database access
How to set up Role Based Access Control (RBAC) .
Providing credentials from DSE tools
How to provide credentials when connecting to the database from a DataStax Enterprise tool.
Capture DataStax Enterprise database activity to a log file or table.
Enabling database auditing
Capture DataStax Enterprise database activity to a log file or table.
Capturing DSE Search HTTP requests
Enable auditing for the Apache Solr™ HTTP API to record HTTP requests.
Log formats
DataStax Enterprise writes events to the log file using pipe-delimited name/value pairs.
View events from DSE audit table
Use CQL queries to view events captured in the dse_audit.audit_log table.
Configure transparent data encrypt (TDE) on sensitive data stored in tables and in configuration files.
About Transparent Data Encryption
Protects sensitive at-rest data stored in configuration files and in database tables.
Configuring local encryption
Use locally stored symmetric encryption keys to protect sensitive system resources, configuration file properties, search indexes, and/or database tables.
Configuring KMIP encryption
Protect sensitive data using encryption keys from a remote KMIP (Key Management Interoperability Protocol).
Encrypting Search indexes
DSE Search index encryption shares the setup with SSTable encryption.
Migrating encrypted tables from earlier versions
Encrypted tables require specific actions to migrate to later versions of DataStax Enterprise.
Securing data inflight for DataStax Enterprise components.
About SSL
Securing data in-flight on DataStax Enterprise.
Setting up SSL certificates
General steps for generating certificate signing requests, signing, and creating a keystore and truststore for development and production environments.
Securing internal transactional node connections
Node-to-node (internode) encryption protects data that is transferred between nodes in a cluster using SSL.
Securing client to cluster connections
Client-to-node encryption protects data in flight from client machines to a database cluster using SSL and establishes a secure channel between the client and the coordinator node.
Using CQL shell (cqlsh) with SSL
Establish connections to clusters with Kerberos, internal or external authentication, and SSL enabled.
Setting up SSL for nodetool, dsetool, and dse advrep
Using nodetool, dsetool, and dse advrep with SSL encryption.
Setting up SSL for jconsole (JMX)
Using jconsole with SSL encryption.
Connecting sstableloader to a secured cluster
Steps (for a development environment) to configure the sstableloader (bulk loader) with Kerberos or SSL.
SSL enabled nodes
Connect cqlsh to an SSL enabled node by setting up SSL with environment variables or cqlshrc parameters.
Securing Spark connections
Communication between Spark applications and transactional nodes, masters and workers, and intercommunication between Spark drivers and executors can be encrypted.
Security FAQs
DataStax Enterprise security features frequently asked questions.