How really secure Percona cluster?


  • How really secure Percona cluster?

    Hi forum,

    Setup: 3-node cluster, 60KM node-to-node distance, hosted at different providers, communicating over untrusted networks.

    A little sniffing at port 4567 revealed a lot of readable information. Information / data is clearly visible.

    Sure we know how to tunnel over SSL/SSH or how to use VPN connections, but that's not an easy to manage/maintain way of securing and it makes the cluster configuration more complex - and by making it more complex it's more likely eventually something will go wrong.

    I couldn't find much about this; all results refer to securing MySQL which is *not* the point since MySQL in our setup will only be accessed from localhost.

    Any clues on this?

    Regards,
    Joep

  • #2
    Hi,

    Percona XtraDB Cluster (Galera) supports SSL to encrypt the inter-node traffic. Please, check this link:

    http://www.codership.com/wiki/doku.php?id=ssl_support

    Regards.



    • #3
      Hi,

      Thanks! Works like a charm. Hard to find anything about the subject because it's a Galera property, not Percona. The last barrier; securing the SST. Do you have any hints on that?

      Regards,
      Hidde



      • #4
        Hi,

        There are not many choices to secure the SST. If you are using xtrabackup as SST method, this is the script that is used:

        /usr/bin/wsrep_sst_xtrabackup

        That script uses nc to open a TCP port. So, you will have to modify it to use SSH or a tunnel.

        Regards.



        • #5
          use openvpn
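
Added example, not part of the thread or of Percona's or Codership's code: a small audit that reads a node's my.cnf text and reports the two cleartext paths discussed above, Galera replication without the `socket.ssl_cert`/`socket.ssl_key` provider options and SST through the `xtrabackup` method that post #4 says streams via nc. The sample configs and file paths are constructed placeholders.

```python
def parse_mycnf(text):
    """Return {option: value} for key=value lines; sections and comments are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # MySQL treats '-' and '_' in option names as equivalent
        opts[key.strip().replace("-", "_")] = value.strip().strip("\"'")
    return opts

def audit_node(text):
    """List findings for the replication and SST channels of one node."""
    opts = parse_mycnf(text)
    provider = {}
    # wsrep_provider_options is a ';'-separated list of key=value pairs
    for item in opts.get("wsrep_provider_options", "").split(";"):
        if "=" in item:
            k, v = item.split("=", 1)
            provider[k.strip()] = v.strip()
    findings = []
    missing = [k for k in ("socket.ssl_cert", "socket.ssl_key") if not provider.get(k)]
    if missing:
        findings.append("replication: missing " + ", ".join(missing))
    if provider.get("socket.ssl", "yes").lower() in ("no", "off", "0", "false"):
        findings.append("replication: socket.ssl explicitly disabled")
    # Per post #4, the xtrabackup SST script opens a plain TCP port with nc
    if opts.get("wsrep_sst_method") == "xtrabackup":
        findings.append("sst: xtrabackup method streams via nc; needs a tunnel")
    return findings

# Constructed sample configs (paths are placeholders)
NODE_PLAIN = """[mysqld]
wsrep_provider_options="gcache.size=1G"
wsrep_sst_method=xtrabackup
"""
NODE_TLS = """[mysqld]
wsrep-provider-options="gcache.size=1G;socket.ssl_cert=/etc/mysql/cert.pem;socket.ssl_key=/etc/mysql/key.pem"
wsrep_sst_method=xtrabackup
"""

if __name__ == "__main__":
    for name, cfg in (("plain", NODE_PLAIN), ("tls", NODE_TLS)):
        print(name, audit_node(cfg) or "no findings")
```

An empty result only means neither of these two settings was flagged; it says nothing about other SST methods or about certificate validity.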
