Configuring a Cassandra cluster for internal encryption
Protect data that is transferred internally between Decision Data Store (DDS) nodes by using node-to-node encryption.
prconfig.xmlfile, enable node-to-node encryption by setting the dnode/cassandra_internode_encryption property to true.For more information about the
prconfig.xmlfile, see Changing node settings by modifying the prconfig.xml file and Downloading and viewing the prconfig.xml file for a specific node.
Configure the remaining
prconfig.xmlsettings.For more information about the
prconfig.xmlproperties for node-to-node encryption, see Prconfig properties for Cassandra cluster encryption.
Create Java keystores and truststores along with SSL certificates.For more information, see Creating Java keystores and truststores for Cassandra encryption.If you do not create separate Java keystores and truststores for external encryption, Cassandra uses the keystores and trustores that you specify for internal encryption.
truststore.sharedfiles to the external Cassandra directory.
cassandra.yamlfiles, update the configuration with the file paths and passwords to the certificates.
Restart Pega Platform for the changes to take effect.
- Prconfig properties for Cassandra cluster encryption
Secure the data transfer between Cassandra nodes and between the client machines and the Cassandra cluster by customizing the prconfig.xml file properties.
- Creating Java keystores and truststores for Cassandra encryption
Enable internal and external Cassandra encryption by creating Java keystores and truststores along with SSL certificates.