To connect to an Apache Cassandra database using SSL, follow the steps below.
1. Start the Apache Cassandra database in SSL mode:
In the Apache Cassandra database, the client-to-node encryption settings need to be changed.
The settings for managing client to node encryption are found in cassandra.yaml in the client_encryption_options section.
There are two primary toggles here for enabling encryption,
[A] enabled and
[B] optional.
If neither is set to true, client connections are entirely unencrypted.
If enabled is set to true and optional is set to false, all client connections must be secured.
If both options are set to true, both encrypted and unencrypted connections are supported using the same port. Client connections using encryption with this configuration will be automatically detected and handled by the server.
As an alternative to the optional setting, separate ports can also be configured for secure and unsecured connections where operational requirements demand it. To do so, set optional to false and use the native_transport_port_ssl setting in cassandra.yaml to specify the port to be used for secure client communication.
Use the following settings to enable SSL for the Cassandra database.
===============
client_encryption_options:
    enabled: true
    # If enabled and optional are both set to true, encrypted and unencrypted connections are handled.
    optional: false
    # keystore: <path for keystore>
    keystore: conf/.keystore
    # Ex. keystore: C:\Program Files\DataStax Community\apache-cassandra\conf\test_client_identity.p12
    keystore_password: <password for given keystore>
    # Ex. keystore_password: password
    # require_client_auth: false
    # Set truststore and truststore_password if require_client_auth is true
    # truststore: conf/.truststore
    # truststore_password: cassandra
    # More advanced defaults below:
    # protocol: TLS
    # algorithm: SunX509
    # store_type: JKS
    # cipher_suites: [TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]

# internode_compression controls whether traffic between nodes is
# compressed.
# can be: all  - all traffic is compressed
#         dc   - traffic between different datacenters is compressed
#         none - nothing is compressed.
=================
Then start the Cassandra server; it will start in encrypted mode.
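To confirm which of the modes described above a given cassandra.yaml actually selects, the following added example (not part of the original article or of Cassandra) classifies a file from its enabled, optional and native_transport_port_ssl settings. The sample files, the port 9142 and the function names are assumptions made for the example.

```python
import re

def parse_client_encryption(yaml_text):
    """Read only the settings discussed above; this is not a full YAML parser."""
    opts, ssl_port, in_block = {}, None, False
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # strip comments (fine for booleans/ports)
        if not line.strip():
            continue
        if line[0] not in " \t":  # top-level key
            in_block = line.startswith("client_encryption_options:")
            m = re.match(r"native_transport_port_ssl:\s*(\d+)", line)
            if m:
                ssl_port = int(m.group(1))
        elif in_block and ":" in line:
            key, value = line.strip().split(":", 1)
            opts[key.strip()] = value.strip()
    return opts, ssl_port

def client_tls_mode(yaml_text):
    """Return (mode, plaintext_accepted) following the rules in the text above."""
    opts, ssl_port = parse_client_encryption(yaml_text)
    enabled = opts.get("enabled", "false").lower() == "true"
    optional = opts.get("optional", "false").lower() == "true"
    if not enabled and not optional:
        return ("plaintext-only", True)
    if enabled and optional:
        return ("mixed-same-port", True)
    if enabled and ssl_port is not None:
        return ("separate-ports", True)   # plaintext still served on the regular port
    if enabled:
        return ("tls-required", False)
    return ("not-covered-here", None)     # optional without enabled: the text does not define it

# Constructed sample files (assumptions for this example, port 9142 included).
REQUIRED = "client_encryption_options:\n    enabled: true\n    optional: false\n"
MIXED = "client_encryption_options:\n    enabled: true\n    optional: true  # both\n"
SPLIT = "native_transport_port_ssl: 9142\n" + REQUIRED
DEFAULT = "client_encryption_options:\n    enabled: false\n    # optional: true\n"

if __name__ == "__main__":
    for name, text in [("required", REQUIRED), ("mixed", MIXED),
                       ("split", SPLIT), ("default", DEFAULT)]:
        print(name, client_tls_mode(text))
```

Only the "tls-required" result means that every client connection must be encrypted; the other modes still accept unencrypted clients on some port.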
2. Configure TIBCO ActiveMatrix BusinessWorks Plug-in for Apache Cassandra in TIBCO ActiveMatrix BusinessWorks 6.x
[A]. Create CassandraConnectionResource.
[B]. Enter the Keyspace name and the Node as Host:Port.
Ex: keyspace: Test, Node: localhost:9042
[C]. Select SSL Client Configuration and assign SSLClientResource; if it is not available, create a new one.
For more details about Cassandra Connection Shared Resource, go through:
https://docs.tibco.com/pub/bwplugincassandra/6.3.0/doc/html/GUID-B88DAD78-681D-4002-B0B1-7E2E9BE4E641.html
[D]. In SSLClientResource, select KeystoreProviderResource; if it is not available, create a new one.
For more details about SSL Client Resource / SSL Client Configuration, go through:
https://docs.tibco.com/pub/activematrix_businessworks/6.6.0/doc/html/GUID-4DB50B9D-CA10-43FC-99A3-38204F454A84.html
[E]. In KeystoreProviderResource, assign the Provider, the URL of the keystore, and the password for the keystore.
Ex. Tested with Empty Provider. URL= C:\Program Files\DataStax Community\apache-cassandra\conf\test_client_identity.p12, Password=password.
For more details about keystore provider configurations, go through:
https://docs.tibco.com/pub/activematrix_businessworks/6.6.0/doc/html/GUID-BABF484C-5226-4748-A4C6-F9D72492055B.html
[F]. Save all the settings and test the Cassandra connection using Test Connection. It will be successful.