NCache provides powerful security and encryption features that help ensure that your cache is protected from unauthorized access and your sensitive application data is secured both in the cache store and also during the transmission over network between your application and the cache servers. And, you can do all of this without any code changes.
NCache provides "no-code-change", powerful security features to protect your data and network transmissions from unauthorized access.
The optionally enabled Transport Layer Security/ Secure Socket Layer (TLS/SSL) encryption, secures data exchange between the NCache cache server and the authorized NCache cache client(s). Users can enable any issued or self-signed SSL certificate to connections with the client(s), or can enable component-to-component connections in NCache. This guarantees encrypted data transmission.
NCache supports secure (encrypted and authenticated) client-server communications using the TLS 1.2 security protocol. This is the same protocol used for HTTPS web communications.
To create a TSL (or SSL for earlier versions of NCache) certificate, the following prerequisites must be considered:
To configure encrypted communications using TLS 1.2 :
To access the NCache registry key, from NCache Manager, go to HKLM > Software > Alachisoft NCache > TLS and enable TLS 1.2 with values as follows:
NOTE: there is a slight impact to performance by activating encrypted communications.
NCache security ensures that only authorized connections to the cache are accepted either for cache usage or for administration. All other connections are rejected.
When NCache security is enabled, all connections to the cache cluster must first be authenticated against Active Directory at the cache server.
You must provide credentials at the time of establishing a connection to the cache. And, if your credentials are not authenticated, the connection request is denied. You can specify user credentials in the following places:
NCache.InitializeCache(…)API from your application
NCache keeps your password encrypted in the NCache configuration files and in NCache Manager wherever you specify it.
After NCache authenticates a connection to the cache successfully, it checks NCache security configuration files at the cache server in order to authorize this connection. Each connection to the cache can be categorized as one of the followings:
You can specify authorization information through NCache management tools at the time of enabling security. You can then add additional "users" or "admins" to the security authorization as needed.
If your application deals with confidential and sensitive data that you want to secure and you're using an in-memory distributed cache, you need to ensure that your distributed cache protects this sensitive data from unwanted access through encryption.
NCache provides a rich set of encryption algorithms that are nearly impossible to break. This ensures that your sensitive data is really protected well. NCache provides the following encryption algorithms that you can choose from:
NCache data encryption and decryption occurs inside the NCache client application process. This means that all data travelling over the network between your application and the cache cluster is already encrypted. Similarly, only encrypted data is stored in cache store.
You can enable encryption through NCache management tools without any programming effort on your part. Once encryption is enabled, NCache client automatically starts encrypting your objects before sending them to the cache cluster. And, it automatically decrypts objects fetched from the cache before delivering them to your application.
You provide an encryption key that NCache uses which is kept inside NCache security configuration files at each cache server in an encrypted manner. Encryption key is automatically sent to clients to be used in memory upon a successful connection.