In the security branch of storm, worker-worker communication is encrypted (blowfish) with a shared secret. STORM-348 will add authentication to worker-worker.

For thrift (nimbus & drpc), the security branch has SASL/kerberos authentication, and you should be able to configure encryption via SASL as well. We have not tried enabling encryption with SASL.

--
Derek

On 7/23/14, 14:05, Isaac Councill wrote:
Hi,

I've been working with storm on mesos but I need to make sure all workers are messaging over SSL since streams may contain sensitive information for almost all of my use cases.

stunnel seems like a viable option but I dislike having complex port forwarding arrangements and would prefer code to config in this case.

As an exercise to see how much work it would be, I forked storm and modified the storm-netty package to use SSL with the existing nio. Not so bad, and lein tests pass.

Still wrapping my head around the storm codebase. Would using my modified storm-netty Context as storm.messaging.transport be enough to ensure streams are encrypted, or would I need to also attack the thrift transport plugin?

Also, is anyone else interested in locking storm down with SSL?