Configure Security for Cache Server Nodes
This feature is only available in NCache Enterprise Edition for .NET.
Before enabling Node Level Security, you have to enable NCache Manager Security with user credentials.
Security for cache nodes can be configured through the following steps:
Using the NCache Manager
Launch the NCache Manager by browsing to http://localhost:8251 or
<server-ip>:8251on Windows and Linux.
In the right corner, click on to open Manager Settings.
From the left bar, click on Node Level Security.
Specify the cache server node IP for which you want to configure security. Click Verify.
Once the server node IP is verified, you will be able to expand the Domain Users list. This will display all users from the domain you entered previously. Select the respective users from Domain Users by clicking on > button.
Check the box Enable Security.
Click on Change Security Options to manage security for NCache Manager. Follow the steps mentioned in Configure Security for NCache Manager to configure NCache manager security.
Click on Apply.
This adds security for the server node, which is also saved in security.ncconf under the <administrators> tag.
The Add-NodeSecurity cmdlet enables the user to configure Node Level Security for the cache.
- To enable security for the first time, there must be at least one user in the node's admin list.
- The provided admin credentials must either be local admin or node admin credentials.
The following command enables security on 18.104.22.168 with john_smith as administrator where the primary LDAP controller is yourprimarydomain.
Add-NodeSecurity -EnableSecurity -AdminUserID john_smith -AdminPassword mypassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -NodeName 22.214.171.124
If you want to add more users, use the following command after step 1. The following command adds the user david_jones to the secured users list of the node 126.96.36.199 with yourprimarydomain as the primary domain controller.
Add-NodeSecurity -AddUser -AdminUserID john_smith -AdminPassword mypassword -NewUser david_jones -NewUserPassword userpassword -NewUserDN "CN=David Jones, OU=admin, DC=yourdomain, DC=org" -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -NodeName 188.8.131.52
Using Security Config
You can add node level security using the security.ncconf config file shipped at %NCHOME%/config. Populate the config file with your LDAP primary host and secondary if needed, ports on which these hosts will listen to the incoming authentication requests, and admin information. The snippet of this file after being populated is shown below:
<cache-security enabled="True"> <ldap host="yourprimarydomain" port="389"/> <ldap-secondary host="yoursecondarydomain" port="389"/> <administrators> <admin id="john_smith" dn="CN=John Smith, OU=admin, DC=yourdomain, DC=org"/> </administrators> </cache-security>
Refer to Security Config to get a detailed about the parameters of security.ncconf.