Configuring a Cassandra cluster for internal encryption
Version:
Protect data that is transferred internally between Decision Data Store (DDS) nodes by using node-to-node encryption.
-
In the
prconfig.xmlfile, enable node-to-node encryption by setting the dnode/cassandra_internode_encryption property to true.For more information about theprconfig.xmlfile, see Changing node settings by modifying the prconfig.xml file and Downloading a prconfig configuration file for a node. -
Configure the remaining
prconfig.xmlsettings.For more information about theprconfig.xmlproperties for node-to-node encryption, see Prconfig properties for Cassandra cluster encryption. -
Create Java keystores and truststores along with SSL certificates.
For more information, see Creating Java keystores and truststores for Cassandra encryption.If you do not create separate Java keystores and truststores for external encryption, Cassandra uses the keystores and trustores that you specify for internal encryption. -
Copy the
keystore.sharedandtruststore.sharedfiles to the external Cassandra directory. -
In the
prconfig.xmlandcassandra.yamlfiles, update the configuration with the file paths and passwords to the certificates. -
Restart Pega Platform for the changes to take effect.
- Defining Pega Platform access to an external Cassandra database
Manage Pega Platform access to your external Cassandra database resources by creating Cassandra user roles with assigned permissions.
- Configuring a Cassandra cluster for external encryption
Establish a secure channel for data transfers between Pega client machines and a Cassandra cluster by using client-to-server encryption.
- Prconfig properties for Cassandra cluster encryption
Secure the data transfer between Cassandra nodes and between the client machines and the Cassandra cluster by customizing the prconfig.xml file properties.
- Creating Java keystores and truststores for Cassandra encryption
Enable internal and external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.
- Configuring a Cassandra cluster for external encryption
Establish a secure channel for data transfers between Pega client machines and a Cassandra cluster by using client-to-server encryption.
- Configuring the Cassandra cluster
Pega Platform comes with an internal Cassandra cluster to which you can connect through a Decision Data Store data set. Before connecting to the cluster through Pega Platform, perform the following steps to achieve optimal performance and data consistency across the nodes in the cluster.