On Thu, Jul 30, 2015 at 7:37 AM, Aleksei Valikov <[email protected]> wrote:
> Hi,
>
> I'm considering Apache Ignite for a distributed computing application. I
> have a question about security.
>
> We'll have a central node which will run all the time (the application
> server) and a number of nodes which will join/leave the cluster in the
> runtime (we'll use AWS to add new computing resources on demand). I guess
> we'll need to use the static IP-based discovery for this scenario.
>

Either static IP [1] or AWS-based discovery [2].

[1] - https://apacheignite.readme.io/docs/cluster-config#static-ip-based-discovery
[2] - https://apacheignite.readme.io/docs/aws-config

> I've found the following post:
> http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/
>
> This is a step in the right direction. However, whitelisting IPs is not
> an option in case of dynamic IP addresses (which we probably have in AWS).
>
> So I'd like to ask for advice on how to secure the Ignite cluster, for
> instance with some pre-shared secret. Is there any support for this OOTB?
>

I think you will need to provide your own plugin provider, just like the blog post describes. However, instead of whitelisting IPs, you implement your GridSecurityProcessor with your own implementation of the authenticateNode() method. You can implement it as you like, e.g. check username/password or authenticate a client or a node against an LDAP server or anything of the sort.

>
> Many thanks and best wishes,
> Alexey
>
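One way to do the pre-shared-secret check suggested in the reply above, as an added example that is not part of the original message or of Ignite's code: a plain-JDK helper that a custom authenticateNode() implementation could call. The class name JoinTokenVerifier, the token format and the 60-second freshness window are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.UUID;

/** Hypothetical helper, not an Ignite class: checks a join token derived from a pre-shared secret. */
public final class JoinTokenVerifier {
    private static final long MAX_SKEW_MS = 60_000; // assumed freshness window
    private final byte[] secret;
    public JoinTokenVerifier(byte[] secret) { this.secret = secret.clone(); }

    /** Token a joining node presents: "<epochMillis>:<base64 HMAC-SHA256(nodeId|epochMillis)>". */
    public String issue(UUID nodeId, long nowMs) throws Exception {
        return nowMs + ":" + Base64.getEncoder().encodeToString(mac(nodeId, nowMs));
    }

    /** Check a custom authenticateNode() could delegate to; false means the join is rejected. */
    public boolean verify(UUID nodeId, String token, long nowMs) {
        try {
            int sep = token.indexOf(':');
            long ts = Long.parseLong(token.substring(0, sep));
            if (Math.abs(Math.subtractExact(nowMs, ts)) > MAX_SKEW_MS) return false; // stale or future-dated
            byte[] presented = Base64.getDecoder().decode(token.substring(sep + 1));
            // The secret never travels; compare MACs in constant time to avoid a timing oracle.
            return MessageDigest.isEqual(mac(nodeId, ts), presented);
        } catch (Exception e) {
            return false; // null or malformed token: fail closed
        }
    }

    private byte[] mac(UUID nodeId, long ts) throws Exception {
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(secret, "HmacSHA256"));
        return h.doFinal((nodeId + "|" + ts).getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        // Constructed demo values; a real secret would come from deployment configuration.
        JoinTokenVerifier cluster = new JoinTokenVerifier("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        JoinTokenVerifier other = new JoinTokenVerifier("wrong-secret".getBytes(StandardCharsets.UTF_8));
        UUID node = UUID.randomUUID();
        long now = System.currentTimeMillis();
        String token = cluster.issue(node, now);
        System.out.println("valid token:   " + cluster.verify(node, token, now));
        System.out.println("wrong secret:  " + cluster.verify(node, other.issue(node, now), now));
        System.out.println("other node id: " + cluster.verify(UUID.randomUUID(), token, now));
        System.out.println("stale token:   " + cluster.verify(node, token, now + 120_000));
    }
}
```

A captured token stays valid for the same node id until the freshness window expires, so the channel that carries it still needs transport protection.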
