Hi Harish,

As far as I know, storm doesn’t have encryption between daemons (nimbus <-> 
supervisor, supervisor <-> supervisor) at this point. Yes, we should be able to 
use SSL enabled thrift. But it is hard (at least for me) to say how much work 
is needed without looking into it. Contributions on this are very much welcome.


By the way, for inter-worker communication, you can use 
BlowfishTupleSerializer: 
https://github.com/apache/storm/blob/master/storm-client/src/jvm/org/apache/storm/security/serialization/BlowfishTupleSerializer.java#L32

But it has a great impact on performance. So you need to evaluate thoroughly 
before using it. 

Thanks

-Ethan

> On Jun 19, 2020, at 12:53 PM, Kadirompalli Venkatashivareddy, Harish Kumar 
> <harish.kumar.kadirompalli.venkatashivare...@sap.com> wrote:
> 
> Hello Team,
> We have been using Apache Storm for building data pipelines in our company.
> We have some sensitive data and we would like to know if storm provides TLS
> support in the communication channels within the storm cluster
> (Nimbus -> Supervisor, Supervisor -> Supervisor).
> I went over the Apache Storm documentation and found
> http://storm.apache.org/releases/1.2.3/SECURITY.html.
> The documentation suggests using IPSec for any data encryption. It doesn’t
> describe how to configure SSL for socket layer communications.
>
> The only option we see as of now is to change the storm code to use SSL
> enabled thrift classes and also use SSL enabled jetty. If anybody from
> d...@storm.apache.org can answer how complicated changing the storm code
> can be for this, it will be very helpful ☺
> We understand these changes add on to major maintenance cycles on our side.
> So before doing any change, we would like to check if there is any way we
> can add TLS support for our storm cluster through some configuration or any
> other means.
>  
> Harish Kumar K V
> Senior Software Engineer, Search
> M: +1 (408) 313 5574
