NCache provides a robust set of security features designed to protect distributed caching environments without compromising performance. For instance, the Access Controls it offers let you define user permissions for specific caches and nodes, ensuring that only authorized users can perform certain operations. Additionally, LDAP Integration enables centralized authentication, making it easier to manage secure access across the system.
Moreover, to protect sensitive data, Data Encryption secures it both in memory and during transmission using algorithms like AES, 3DES, and AES FIPS. However, it does come with an added performance cost. For more efficient network security, TLS Encryption secures communication between clients, servers, and bridges with less overhead, and allows you to choose which communication paths to protect. Additionally, HTTPS Support secures access to the NCache Management Center on both Windows and Linux using TLS certificates, ensuring safe and encrypted administrative access.
All the ways that NCache provides security are explained below:
NCache supports powerful security features that require no code change to protect your data and network transmission from unauthorized access.
Transport Layer Security (TLS) encryption secures data exchange between servers and clients, different servers, caches, and bridges. Users can enable any issued or self-signed certificate for connections with the client(s) or can enable component-to-component connections in NCache. This guarantees encrypted data transmission, which is separate from TLS-secured data.
NCache supports secure (encrypted and authenticated) communications using the TLS 1.2 or 1.3 security protocols. This is the same protocol used for HTTPS communications.
To configure TLS encryption in Windows or Linux, follow the documentation on Configure TLS Encryption in NCache.
If your application deals with confidential and sensitive data that you want to secure, and you're using an in-memory distributed cache, you need to ensure that your distributed cache protects this sensitive data from unwanted access through encryption.
NCache provides a rich set of encryption algorithms you can choose from:
NCache data encryption and decryption occur inside the NCache client application process. Hence, all data traveling over the network between your application and the cache cluster is already encrypted. Similarly, only encrypted data is stored in the cache store. You provide an encryption key that NCache uses, which is kept inside NCache security configuration files at each cache server in an encrypted manner. The encryption key is automatically sent to clients to be used in memory upon a successful connection.
You can enable encryption through the NCache Management Center without any programming effort on your part. Once encryption is enabled, the NCache client automatically starts encrypting your objects before sending them to the cache cluster. And, it automatically decrypts objects fetched from the cache before delivering them to your application.
NCache provides security with authentication and authorization built into the product. NCache categorizes the users based on the two different levels of security as follows:
NCache security ensures that only authorized users are granted access, either for cache usage or for administration. All other connections are rejected. The NCache security mechanism works with any LDAP-supported Directory Services. When NCache security is enabled, all connections to the cache cluster must first be authenticated against the LDAP Directory at the cache server.
You need to provide credentials at the time of establishing a connection to the cache. These credentials include your User Name, Distinguished Name (DN), Password, etc. If your credentials are not authenticated, your connection request is denied. You need to specify user credentials in the following places based on the security level. For further details please refer to the NCache Documentation.
Node Administrators: Add the node administrators as follows:
Add-NCacheUserOrGroup -Server 20.200.20.40 -AccessLevel Admin -AdminCredentials (Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController 20.200.23.100
Then enable security as shown below:
Enable-NCacheSecurity -Server 20.200.20.40 -AdminCredentials (Get-Credential john_smith) -WriteCredentialsToServiceConfig
You can also configure node-level security using the NCache Management Center.
You've successfully secured your node and its caches. As previously discussed, to restrict certain users to cache operations without full management rights, add them as Cache Users. Use the same cmdlet as for Node Administrators, specifying AccessLevel as Cache and CacheName (the name of the cache you want the user to access). Run the following command:
Add-NCacheUserOrGroup -Server 20.200.20.40 -AccessLevel Cache -CacheName demoCache -AdminCredentials (Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController 20.200.23.100 -EnableSecurity Yes
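The steps above combined into one script, as an added example (not Alachisoft's own code): it prompts for the administrator credential once and reuses it, then grants cache-level access from a small user-to-cache map. The users jane_doe and app_orders, their DNs and the cache ordersCache are constructed for illustration; the cmdlets and parameters are the ones shown above.

```powershell
# Added example. Server and domain controller addresses are the ones used above.
$server           = '20.200.20.40'
$domainController = '20.200.23.100'

# Stop at the first failed step instead of continuing with later ones.
$ErrorActionPreference = 'Stop'

# Prompt once and reuse the credential object instead of prompting per cmdlet.
$adminCred = Get-Credential -UserName 'john_smith' -Message 'NCache node administrator'

# Constructed map: each principal is granted access to one named cache only.
$cacheUsers = @(
    @{ Name = 'jane_doe';   DN = 'CN=Jane Doe,OU=engineers,DC=example,DC=com';  Cache = 'demoCache' }
    @{ Name = 'app_orders'; DN = 'CN=app_orders,OU=services,DC=example,DC=com'; Cache = 'ordersCache' }
)

# 1. Register the node administrator.
Add-NCacheUserOrGroup -Server $server -AccessLevel Admin -AdminCredentials $adminCred `
    -UserOrGroupName 'john_smith' `
    -UserOrGroupDN 'CN=John Smith,OU=engineers,DC=example,DC=com' `
    -DomainController $domainController

# 2. Enable node-level security.
Enable-NCacheSecurity -Server $server -AdminCredentials $adminCred -WriteCredentialsToServiceConfig

# 3. Grant cache-level access, one cache per principal.
foreach ($u in $cacheUsers) {
    Add-NCacheUserOrGroup -Server $server -AccessLevel Cache -CacheName $u.Cache `
        -AdminCredentials $adminCred -UserOrGroupName $u.Name -UserOrGroupDN $u.DN `
        -DomainController $domainController -EnableSecurity Yes
}
```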
You can also supply the credentials programmatically. An example of how to call CacheManager.GetCache with the required user credentials is shown below:
using Alachisoft.NCache.Client;

// Specify cache name and user credentials
// (sample values; load real credentials from a protected configuration source, not source code)
string cacheName = "demoCache";
string userId = "userid";
string password = "mypassword";
// Initialize the CacheConnectionOptions
var options = new CacheConnectionOptions();
// Enter the credentials
options.UserCredentials = new Credentials(userId, password);
// Connect to the cache using the security credentials
ICache cache = CacheManager.GetCache(cacheName, options);
After NCache successfully authenticates a connection to the cache, it checks the NCache configuration files at the cache server to authorize the connection. Once a connection is authenticated against Active Directory, it is authorized from either the security.ncconf file or the client.ncconf file, depending on whether you are using node-level or cache-level security, respectively.