Can a multi-node Cassandra cluster be secured in the DO cloud?
I’m configuring the internode connection for Cassandra 3.5, though the same question applies to older versions, also.
In cassandra.yaml, there’s this:
    # SSL port, for encrypted communication. Unused unless enabled in
    # encryption_options
    # For security reasons, you should not expose this port to the internet. Firewall it if needed.
    ssl_storage_port: 7001
    ...
    server_encryption_options:
      internode_encryption: all
Now, binding to a non-routable NIC will ensure that it’s not exposed outside DO, but it will be exposed to other DO VMs. Is there a way within DO to make this more secure? I don’t see anything about private networking support from DO.
I’ve read Introducing Private Networking, but that doesn’t block others’ droplets from seeing my traffic, so it’s not what I would consider private networking.