Data integrity is a basic building block of security and of protecting sensitive data from theft or breach. To prevent tampering with data, client-server applications use the TLS (Transport Layer Security) protocol to communicate across the network. TLS provides methods for exchanging keys, encrypting data and authenticating message integrity, and so establishes a secure connection.
NCache is an in-memory distributed caching solution that fully supports SSL/TLS encryption between client and server for a secure connection. It supports the most recent TLS version, 1.2, and lets you enable SSL/TLS encryption by following a short series of steps, with no code change. This blog briefly explains how to enable SSL/TLS between your server and client using NCache.
Why Use SSL/TLS in the First Place?
Before going into the detail of how to do it, let us look at why to do it. SSL/TLS encrypts the communication between the server and the client. Encrypted data means secure communication in which no outside party can read the information shared. For applications or websites that need a high level of security, such as online money transactions where only the communicating parties should see the information, SSL/TLS encryption is a savior. Read more about encryption in NCache in the blog Diving Deeper into Encryption in NCache.
TLS needs a certificate for the SSL/TLS handshake, the exchange that sets up communication between the server and the client. The certificate holds the information required to encrypt the data between the two parties. It contains a public key that the server shares, and the client establishes the connection with the server once the key matches. This ensures that only the parties connected through the public key can communicate and that no third party can decrypt the messages. Figure 1 illustrates this:
Having understood that, let us talk about NCache. As mentioned earlier, the advantage of NCache is that it lets you enable SSL/TLS encryption with no code change. The procedure is simple and ensures that communication between the server and the client takes place over a secure connection. Before going into the detail of how to do it, there are a few prerequisites to take care of.
Pre-Requisites to Enable SSL/TLS Configuration
- You need to generate a self-signed certificate if you do not already have one. To create one, please refer to Generating Self Signed Certificates on Windows.
- Make sure that the certificate you are using contains a private key.
- The private key must be exportable to all nodes including the client machine.
- Make sure that you have no cache and client processes running.
Let us now go through the step-by-step SSL/TLS configuration.
Step 1: Enable SSL/TLS Certificate in NCache
- Through the Registry Editor, enable the certificate for NCache under the key HKEY_LOCAL_MACHINE\SOFTWARE\Alachisoft\NCache. For a production environment, it is recommended that the certificate be issued by a certificate authority.
- Create a new key and name it “TLS”. Create the following properties under the key:
| Property | Description |
|---|---|
| CertificateName | Name of the certificate for NCache SSL Security. The type is string. |
| CertificateThumbprint | A string-based identifier for the certificate. |
| Enabled | Set to 1 to enable and 0 to disable. |
| RequireClientCertificate | Setting to 1 means that the SSL certificate must exist on both the server and the client; 0 means that the certificate is not mandatory on the client machine. |
- The properties above require the certificate name and thumbprint. To find them, open the Microsoft Management Console and add the certificate snap-in by clicking Add/Remove Snap-in in the File menu.
- Add the certificate snap-in for My User Account and open the Trusted Root Certificate Authorities folder. Open the certificate's details: the Friendly Name is the certificate name, and the Thumbprint (without spaces) is the certificate thumbprint value.
Step 2: Connect the Client Using the Certificate
- On the client machine, set the value of RequireClientCertificate to 1 as per requirements.
- Now restart the client and cache processes along with the NCache service. Make sure that the NCache service is running under the same user that imported the certificate.
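A read-only check of the settings from Steps 1 and 2, useful before restarting the services. This is an added example, not code from NCache or its documentation; the function name Test-NCacheTlsConfig is hypothetical, and the store path Cert:\CurrentUser\Root is an assumption derived from the "My User Account" and trusted root folder mentioned above.

```powershell
# Added example: audit the NCache TLS registry key against the certificate store.
# Run it as the user account that imported the certificate (the NCache service user).
function Test-NCacheTlsConfig {
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Alachisoft\NCache\TLS',
        [string]$StorePath = 'Cert:\CurrentUser\Root'  # assumption: current user's trusted root store
    )
    $issues = [System.Collections.Generic.List[string]]::new()
    if (-not (Test-Path -Path $KeyPath)) {
        $issues.Add("Registry key $KeyPath does not exist.")
        return $issues
    }
    $cfg = Get-ItemProperty -Path $KeyPath

    # All four properties from the table must be present.
    foreach ($name in 'CertificateName', 'CertificateThumbprint', 'Enabled', 'RequireClientCertificate') {
        if ($null -eq $cfg.$name) { $issues.Add("Property '$name' is missing.") }
    }
    # Compare as strings so the check works whatever registry value type was used.
    if ("$($cfg.Enabled)" -ne '1') { $issues.Add('Enabled is not 1, so TLS is switched off.') }
    if ("$($cfg.RequireClientCertificate)" -notin '0', '1') {
        $issues.Add('RequireClientCertificate must be 0 or 1.')
    }

    # The thumbprint must be pasted without spaces or other non-hex characters.
    $thumb = "$($cfg.CertificateThumbprint)"
    if ($thumb -notmatch '^[0-9A-Fa-f]+$') {
        $issues.Add('CertificateThumbprint is empty or contains spaces or non-hex characters.')
        return $issues
    }
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if (-not $cert) {
        $issues.Add("No certificate with thumbprint $thumb in $StorePath for user $env:USERNAME.")
        return $issues
    }
    if ($cert.FriendlyName -ne "$($cfg.CertificateName)") {
        $issues.Add("CertificateName does not match the Friendly Name '$($cert.FriendlyName)'.")
    }
    if (-not $cert.HasPrivateKey) { $issues.Add('The certificate has no private key.') }
    if ($cert.NotAfter -lt (Get-Date)) { $issues.Add("The certificate expired on $($cert.NotAfter).") }
    return $issues
}

$problems = @(Test-NCacheTlsConfig)
if ($problems.Count -eq 0) { 'NCache TLS settings are consistent.' } else { $problems }
```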
Step 3: Verify Successful Client Connection
NCache provides a rich set of PowerShell tools for management and client operations, one of them being the Test-Stress tool. It simulates a heavy transactional load on a cache to monitor NCache performance under stress. A successful run shows that the connection between the client and the NCache server has been established. You can run this tool from Windows PowerShell with the following command:
Test-Stress -CacheName your-cache-name
The output window shows the activity on the cache when the command runs, as shown below:
That is it; you can easily and seamlessly make secure connections and ensure encrypted communication over the network with NCache. To make sure that you face no issues while enabling SSL/TLS encryption, please refer to the Troubleshooting section of the documentation, where the commonly faced issues are discussed.
What have we learned?
We have discussed how to enable SSL/TLS security with NCache. NCache lets you secure your data with encryption that can be enabled easily with no code change. It guarantees encrypted data transmission between the server and the client. Not just this, NCache has a lot of other features that make your data secure. You can check out the other features on Security and Encryption in NCache.