Best_Practices

Table of Contents | Previous | Next | Index

: Best Practices

Best Practices

The recommendation best practices for security Doradus and Cassandra protocols and files are summarized below:

•	Cluster subset: Deploy Doradus/Cassandra nodes on a subnet that is restricted from outside access. If applications reside outside of the subset, enable routing rules that restrict access to the Doradus REST API port.

•	Doradus REST API: Secure the Doradus REST API by configuring it to use TLS. Create a client certificate that is used to restrict access to authorized applications as describe in the section Securing the Doradus REST API.

•	Doradus JMX API: Use basic user ID/password authentication as described in section Securing the Doradus JMX API.

•	Cassandra Thrift API: Use basic authentication as described in section Securing the Thrift Protocol.

•	Cassandra JMX API: Use basic user ID/password authentication as described in section Securing the Cassandra JMX Protocol.

•	Doradus and Cassandra configuration files: Secure the folders in which Doradus and Cassandra are installed, including their bin and conf or config folders.

•	Cassandra data files: Secure the Cassandra data file folders with permissions that restrict access to the user ID under which the Cassandra process executes. For stronger security, encrypt the data within the file system, e.g., by using the Encrypted File System (EFS) on Windows.

Doradus Administration

Best_Practices

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally