Is encryption required on shared private networking?

September 2, 2015 3.9k views
Ubuntu MySQL Security DigitalOcean Networking Firewall Load Balancing

So I need to scale out my web application, but I need to ensure the data between my droplets stays private. All the tutorials on Digital Ocean only describe setting iptables to limit who can access you droplets. My question is, shouldn’t encryption be used for communication between nodes as well as iptables? So that no third party droplet can eaves drop on the conversation between nodes? I don’t see that discussed at all as a best practice. If it isn’t needed, can someone fill me in as why this wouldn’t be needed. My biggest concern is SSL on MySql kills performance by between 15-25% and if someone can tell me it isn’t needed that would be great.

2 Answers

This question was answered by @CrypticDesigns:

I am not sure if its needed, don’t know the infrastructure. But an article has been posted earlier about this:

View the original comment

I know this is old, but others might still find it (as I just did).

Soon, not any more, see:

by Rafael Rosa
Beginning in June of 2018, communication over DigitalOcean Private Network IPs will be isolated within the account or team where they were created. For most users, this security enhancement requires no action. All Droplets that were provisioned with Private Networking will continue to be able...
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!