Security Considerations
[Table of Contents](https://github.com/dell-oss/Doradus/wiki/Doradus Administration: Table-of-Contents) | [Previous](https://github.com/dell-oss/Doradus/wiki/Hardware Recommendations) | [Next](https://github.com/dell-oss/Doradus/wiki/Multi-Tenant Configuration)
Deployment Guidelines: Security Considerations
This section describes security considerations that should be observed when Doradus is used to store sensitive data. Details on configuring specific Doradus and Cassandra options, such as enabling TLS for the Doradus REST protocol, are described later in sections [Doradus Security Options](https://github.com/dell-oss/Doradus/wiki/Doradus-Configuration-Files#DoradusSecurityOptions) and [Cassandra Security Options](https://github.com/dell-oss/Doradus/wiki/Cassandra Configuration Files#CassandraSecurityOptions).
Within the Doradus architecture, application data is stored on disk and transferred across a network. Additionally, certain configuration files contain options such as passwords and must thereby be treated as sensitive. The following diagram illustrates the files and protocols (APIs) that have potential security considerations:
Figure 8 - Files and Protocols with Security Considerations
The protocols used by Doradus and Cassandra and their security considerations are summarized below:
-
Doradus REST API: This is the primary protocol used by applications to update and query objects. Doradus does not provide application-level security features: an application that can successfully connect to Doradus can update and access all objects. However, Doradus allows the REST API to be configured to use TLS (SSL), and it can restrict connections to those that provide a specific client-side certificate.
-
Doradus JMX API: Doradus uses the standard Java Management Extensions (JMX) protocol for monitoring and to perform operational functions such as backup and recovery. Though application data is not transferred over the JMX API, access to it can be restricted to prevent unintended operational functions. The JMX API can be secured with authentication and/or TLS.
-
Cassandra API: There are two application protocols for Cassandra: Thrift and CQL. Doradus can use either protocol: see the section [Configuration Parameters in doradus.yaml](https://github.com/dell-oss/Doradus/wiki/Doradus Configuration Files#ConfigParameters). Both protocols support TLS for encryption.
-
Cassandra JMX API: Cassandra also uses the JMX protocol for monitoring and to perform certain operational functions. JMX can be configured to require authorization and/or to encrypt data using TLS.
-
Cassandra Gossip API: This is an inter-node communication protocol used by Cassandra to replicate data, coordinate schema changes, and perform other activities. The protocol can be configured to use TLS for encryption, however, because of the high-volume nature of this protocol, encryption is not recommended except for cross-data center communication.
The configuration and data files used by Doradus and Cassandra and their security considerations are summarized below:
-
Doradus configuration files: The primary Doradus configuration file is
doradus.yaml. This file and thelog4j.propertiesfile are stored in the folder{doradus_home}/config. These files should be considered sensitive and secured from unauthorized access. -
Cassandra configuration files: The primary Cassandra configuration file is
cassandra.yaml. This file and other secondary configuration files are stored in the folder{cassandra_home}/conf. These files should be considered sensitive and secured from unauthorized access. -
Cassandra data files: All application data is stored in Cassandra data files, which reside in various folders as described in the section Setting Cassandra Data File Locations under [Setting Cassandra Data File Locations](https://github.com/dell-oss/Doradus/wiki/Cassandra Configuration Files#SettingCassandraDataFile). The data in these files is unencrypted and should be secured from unauthorized access.
The recommendation best practices for security Doradus and Cassandra protocols and files are summarized below:
-
Cluster subset: Deploy Doradus/Cassandra nodes on a subnet that is restricted from outside access. If applications reside outside of the subset, enable routing rules that restrict access to the Doradus REST API port.
-
Doradus REST API: Secure the Doradus REST API by configuring it to use TLS. Create a client certificate that is used to restrict access to authorized applications as described in the section [Securing the Doradus REST API](https://github.com/dell-oss/Doradus/wiki/Doradus Configuration Files#SecuringDoradusREST).
-
Doradus JMX API: Use basic user ID/password authentication as described in section [Securing the Doradus JMX API](https://github.com/dell-oss/Doradus/wiki/Doradus Configuration Files#SecuringDoradusJMX).
-
Cassandra API: Since Doradus is intended to run on the same machine or subset as Cassandra, the Cassandra API (CQL or Thrift) does not normally need to be secured. However, TLS can be used as described in section [Securing the Cassandra API](https://github.com/dell-oss/Doradus/wiki/Cassandra Configuration Files#SecuringCassandraAPI).
-
Cassandra JMX API: Use basic user ID/password authentication as described in section under [Securing the Cassandra JMX Protocol](https://github.com/dell-oss/Doradus/wiki/Cassandra Configuration Files#SecuringCassandraJMX).
-
Doradus and Cassandra configuration files: Secure the folders in which Doradus and Cassandra are installed, including their bin and conf or config folders.
-
Cassandra data files: Secure the Cassandra data file folders with permissions that restrict access to the user ID under which the Cassandra process executes. For stronger security, encrypt the data within the file system, e.g., by using the Encrypted File System (EFS) on Windows.