Configuring a Cassandra cluster for internal encryption
Protect data that is transferred internally between Decision Data Store (DDS) nodes by using node-to-node encryption.
-
In the
prconfig.xmlfile, enable node-to-node encryption by setting the dnode/cassandra_internode_encryption property to true.For more information about theprconfig.xmlfile, see Changing node settings by modifying the prconfig.xml file and Downloading a prconfig configuration file for a node. -
Configure the remaining
prconfig.xmlsettings.For more information about theprconfig.xmlproperties for node-to-node encryption, see Prconfig properties for Cassandra cluster encryption. -
Create Java keystores and truststores along with SSL certificates.
For more information, see Creating Java keystores and truststores for Cassandra encryption.If you do not create separate Java keystores and truststores for external encryption, Cassandra uses the keystores and trustores that you specify for internal encryption. -
Copy the
keystore.sharedandtruststore.sharedfiles to the external Cassandra directory. -
In the
prconfig.xmlandcassandra.yamlfiles, update the configuration with the file paths and passwords to the certificates. -
Restart Pega Platform for the changes to take effect.
- Prconfig properties for Cassandra cluster encryption
Secure the data transfer between Cassandra nodes and between the client machines and the Cassandra cluster by customizing the prconfig.xml file properties.
- Creating Java keystores and truststores for Cassandra encryption
Enable internal and external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.