Err, find it *unrealistic* -Ben
On Tue, Jul 13, 2010 at 2:22 PM, Ben Standefer <b...@simplegeo.com> wrote: > Many apps would find it realistic or feasible to failover database > connections across the country (going from <1ms latency to ~90ms latency). > The scheme of failing over client database connections across the country > is probably the minority case. SSL between Cassandra nodes, even without > encryption in the clients connecting to a Cassandra node, would still be > very useful if you want to mirror infrastructure in different parts of the > world to provide users with localized low-latency access. Failover for end > users would happen at the data center level with DNS-based load balancing ( > http://dyn.com/dynect-traffic-management). If a client could not connect > to a node in it's data center, it is probably indicative of the whole data > center having issues. We're fine with client connections to Cassandra not > being encrypted, because our Cassandra clients are located in the same data > centers as the nodes being queried. It would be very valuable for internal > Cassandra communication across the country to be encrypted. > > VPN solutions and their failure scenarios do not scale horizontally with > Cassandra. Cassandra's eventually consistent design affords it powerful > worldwide replication use cases, and having to setup a VPN overlay network > just to get the data transmitted securely within Cassandra seems silly when > the nodes could handle SSL on an end-to-end basis. > > -Ben > > > On Tue, Jul 13, 2010 at 1:28 PM, Jonathan Ellis <jbel...@gmail.com> wrote: > >> It's been suggested, but it's not very useful w/o having encryption >> for Thrift as well (in case a client has to fail over to the >> cross-country Cassandra nodes). So using a secure VPN makes the most >> sense to me. >> >> On Tue, Jul 13, 2010 at 12:02 PM, Ben Standefer <b...@simplegeo.com> >> wrote: >> > Are there any plans or talks of adding SSL/encryption support between >> > Cassandra nodes? This would make setting up secure cross-country >> Cassandra >> > clusters much easier, without having to setup a secure overlay network. >> > MySQL supports this in it's replication. >> > >> > -Ben >> > >> > >> > On Mon, Jul 12, 2010 at 11:23 PM, Michael Pearson <mjpear...@gmail.com> >> > wrote: >> >> >> >> Hey Stu, >> >> >> >> I've been using 0.6.3's SimpleAuthenticator without a hitch (just >> >> had to figure out the daemon args >> >> -Dpasswd.properties=conf/passwd.properties >> >> -Daccess.properties=conf/access.properties) - why do you ask? >> >> >> >> -michael >> >> >> >> -- >> >> http://www.github.com/mjpearson >> >> http://www.linkedin.com/in/mjpearson >> >> >> >> >> >> On Mon, Jul 12, 2010 at 2:32 PM, Stu Hood <stu.h...@rackspace.com> >> wrote: >> >> > Hello out there, >> >> > >> >> > If you are running Cassandra 0.6.*, and are using Cassandra's >> >> > authentication (IAuthenticator/SimpleAuthenticator), I'd love to hear >> about >> >> > it! >> >> > >> >> > Thanks, >> >> > >> >> > Stu Hood >> >> > @stuhood >> >> > Architecture Software Developer >> >> > Rackspace Hosting >> >> > >> >> > >> > >> > >> >> >> >> -- >> Jonathan Ellis >> Project Chair, Apache Cassandra >> co-founder of Riptano, the source for professional Cassandra support >> http://riptano.com >> > >