The purpose of the talk is to present how to enable SSL and data-at-rest encryption in Percona XtraDB Cluster, and to explain how they work under the hood. The presentation will cover the process of making Percona XtraDB Cluster (PXC) secure:
- A configuration of Client-Server Traffic encryption. Is there any difference between C-S encryption in PXC and PS?
- A configuration of replication encryption (SST, IST). How does it work under the hood?
- How to make things more comfortable with the pxc-encrypt-cluster-traffic variable.
- PXC data-at-rest encryption. How does it work? How to configure it? Is there any part of the data that is unencrypted? Yes.
- Temporary files encryption.
- Binlog encryption. Possible or not?
- keyring_file. Is it useful? How to make it profitable?
- keyring_vault. How does it work?
- Is mixing and matching keyring plugins possible? Yes, but useful only when transitioning from keyring_file.
- What is happening in SST when data-at-rest is enabled?
- Performance overhead.
Iwo has been a Percona Support Engineer (EMEA) since August 2017.
Prior to joining Percona, Iwo was a System Administrator for more than 10 years, with a focus on high availability, performance and automation. He also helped many companies design infrastructure and HA/failover solutions.