NCache provides powerful security and encryption features that help ensure that your cache is protected from unauthorized access and that your sensitive application data is secured both in the cache store and in transit over the network between your application and the cache servers. And you can do all of this without any code changes.
NCache security ensures that only authorized connections to the cache are accepted either for cache usage or for administration. All other connections are rejected.
When NCache security is enabled, all connections to the cache cluster must first be authenticated against Active Directory at the cache server.
You must provide credentials at the time of establishing a connection to the cache. And, if your credentials are not authenticated, the connection request is denied. You can specify user credentials in the following places:
NCache.InitializeCache(…) API from your application
NCache keeps your password encrypted in the NCache configuration files and in NCache Manager wherever you specify it.
After NCache successfully authenticates a connection to the cache, it checks the NCache security configuration files at the cache server in order to authorize this connection. Each connection to the cache can be categorized as one of the following:
You can specify authorization information through NCache management tools at the time of enabling security. You can then add additional “users” or “admins” to the security authorization as needed.
Figure 1: NCache Data Encryption Feature
If your application deals with confidential and sensitive data that you want to secure and you’re using an in-memory distributed cache, you need to ensure that your distributed cache protects this sensitive data from unwanted access through encryption.
NCache provides a rich set of encryption algorithms that are nearly impossible to break. This ensures that your sensitive data is well protected. NCache provides the following encryption algorithms that you can choose from:
NCache data encryption and decryption occur inside the NCache client application process. This means that all data travelling over the network between your application and the cache cluster is already encrypted. Similarly, only encrypted data is stored in the cache store.
You can enable encryption through NCache management tools without any programming effort on your part. Once encryption is enabled, the NCache client automatically starts encrypting your objects before sending them to the cache cluster. And it automatically decrypts objects fetched from the cache before delivering them to your application.
You provide the encryption key that NCache uses. It is kept in encrypted form inside the NCache security configuration files at each cache server. Upon a successful connection, the encryption key is automatically sent to clients to be used in memory.