Configuring a Cassandra cluster for internal encryption
Protect data that is transferred internally between Decision Data Store (DDS) nodes by using node-to-node encryption.
-
In the
prconfig.xml
file, enable node-to-node encryption by setting the dnode/cassandra_internode_encryption property to true.For more information about theprconfig.xml
file, see Changing node settings by modifying the prconfig.xml file and Downloading a prconfig configuration file for a node. -
Configure the remaining
prconfig.xml
settings.For more information about theprconfig.xml
properties for node-to-node encryption, see Prconfig properties for Cassandra cluster encryption. -
Create Java keystores and truststores along with SSL certificates.
For more information, see Creating Java keystores and truststores for Cassandra encryption.If you do not create separate Java keystores and truststores for external encryption, Cassandra uses the keystores and trustores that you specify for internal encryption. -
Copy the
keystore.shared
andtruststore.shared
files to the external Cassandra directory. -
In the
prconfig.xml
andcassandra.yaml
files, update the configuration with the file paths and passwords to the certificates. -
Restart Pega Platform for the changes to take effect.
- Prconfig properties for Cassandra cluster encryption
Secure the data transfer between Cassandra nodes and between the client machines and the Cassandra cluster by customizing the prconfig.xml file properties.
- Creating Java keystores and truststores for Cassandra encryption
Enable internal and external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.