Distributed caches are designed to be deployed in massive data centers, where every user has direct access to the data stored in the cache or traveling over the network. This simple functionality is problematic where your application has to cache sensitive data and it simply cannot afford to allow administrative and API access rights on the cache to every other user.
Let’s say that your application processes data of an airline. With all its massive data records, would you really want just anybody to meddle with its precision? What you need here is to encrypt your data and secure its access. For this purpose, NCache provides you with solid encryption mechanisms and LDAP supported directory services.
Figure: Security and Encryption Architecture in NCache
NCache Security and Encryption NCache Security NCache Encryption
Let’s buckle up as we take a short tour of what lengths NCache goes to secure your application’s data.
Secure Connections Using SSL/TLS
NCache provides your application with Secure Socket Layer/Transport Layer Security SSL/TLS (NCache supportsTLS 1.2) encryption that, when enabled, encrypts your flight information that is to be exchanged between the cache servers and your authorized clients. Between your server and the client, a certificate containing encryption details is shared. Among these details is a key that acts as a trustee for a secure server-client connection. This way you get secure communication for your data travel. To get a detailed idea of how NCache uses SSL/TLS for secure connections, read our blog on SSL/TLS Configuration in NCache Made Simple.
You can enable secure connections using NCache SSL/TLS encryption by following the steps provided in Configure SSL/TLS Encryption in NCache.
Data Encryption by Cache Client
Another way of securing your data is to encrypt the sensitive data that you want to store in your distributed cache. Encrypting data means that all the data traveling over the network, as well as the data stored in the cache, is already quite strongly encrypted.
So, imagine your application that processes critical flight info losing its accuracy just because you did not secure the cache you were using? To avoid your application falling into that deep a pit, NCache supports following encrypting algorithms for your data that are nearly impossible to break:
- 3DES-128
- 3DES-192
- AES-128
- AES-192
- AES-256
- AES-FIPS 128
- AES-FIPS 192
- AES-FIPS 256
Enabling encryption is the easiest through a very user-friendly environment of NCache Web Manager. The details of the process you will find in our help on Configure Encryption for a Cache. Get to know encryption in NCache from our blog on Diving deeper into Encryption in NCache.
NCache Security and Encryption NCache Security NCache Encryption
NCache Security Authentication
Authentication ensures that only those users be admitted to perform administrative and API tasks on the cache who have been registered as authorized users by the admin.
If you enable NCache security against any cache or server node, all requests to the cache/server must first be authenticated against the LDAP directory on the server side. These requests or these connections require you to provide certain credentials for successful authentication. These include your User Name, Distinguished Name (DN), and Password. You can configure security for cache cluster Using NCache Web Manager and NCache PowerShell Tool and for cache nodes Using NCache Web Manager and NCache PowerShell Tool. You can get a better understanding on what authentication is and how NCache authenticates an incoming connection from Exploring Cache Environment Security in NCache.
NCache Security Authorization
The second step of getting to perform administrative and API operations on a cache or node is user Authorization. Authorization makes sure that the user connection that was authenticated earlier matches the information in the security configuration files at the server side. These incoming connections can be either of the followings:
- User for Cache Security: These users are authorized to perform cache level operations. A “user” is defined at cache level and is populated in cache config.
- User for Node Security: These users are authorized to perform any management and configuration related operations on a cluster node. This “user” is defined at cache server level and is populated in security config file.
You will find more, indepth information on authorization from our blog Exploring Cache Environment Security in NCache.
NCache Security and Encryption NCache Security NCache Encryption
Let’s Deduce What We Know
Security is an extremely important element wherever critical data is being processed. NCache on top of being a fast, in-memory, distributed solution, also provides the best security and encryption implementation to secure the sensitivity of your data. You can encrypt transmitting data, stored data, limit management access on a cache cluster, a single node, or even a client node by allowing only a handful of admins and users to have access to it.
So, why don’t you sit back, relax, and let them airplanes take people places without a care in the world. Because now you have NCache!
