Security and Encryption in NCache

NCache provides powerful security and encryption features that help ensure that your cache is protected from unauthorized access. It also makes sure that your sensitive application data is secured both in the cache store and during the transmission over a network between your application and the cache servers. And, you can do all this without any code changes.

Here are some of the ways NCache provides security for your cache:

  1. Secured SSL/TLS Connections
  2. Data Encryption by Cache Client
  3. Cache Security: Authentication
  4. Cache Security: Authorization

All the ways that NCache provides security are explained below:

Secured Connections to Cache via SSL/TLS

NCache provides “no-code-change”, powerful security features to protect your data and network transmission from unauthorized access.

The optionally enabled Transport Layer Security/Secure Sockets Layer (TLS/SSL) encryption secures data exchange between the NCache cache server and the authorized cache client(s). Users can enable any issued or self-signed SSL certificate for connections with the client(s), or can enable component-to-component connections in NCache. This guarantees encrypted data transmission, which is separate from TLS secured data.

NCache supports secure (encrypted and authenticated) client-server communications using the TLS 1.2 security protocol. This is the same protocol used for HTTPS communications.

To create a TLS (or SSL for earlier versions of NCache) certificate, follow the documentation on Configure SSL/TLS Encryption in NCache.

Data Encryption by Cache Client

If your application deals with confidential and sensitive data that you want to secure and you're using an in-memory distributed cache, you need to ensure that your distributed cache protects this sensitive data from unwanted access through encryption.

NCache provides a rich set of encryption algorithms that are nearly impossible to break. This ensures that your sensitive data is protected well. NCache provides the following encryption algorithms that you can choose from:

  1. 3DES-128
  2. 3DES-192
  3. AES-128
  4. AES-192
  5. AES-256
  6. AES-FIPS 128
  7. AES-FIPS 192
  8. AES-FIPS 256

NCache data encryption and decryption occurs inside the NCache client application process. This means that all data traveling over the network between your application and the cache cluster is already encrypted. Similarly, only encrypted data is stored in the cache store.

You can enable encryption through NCache management tools without any programming effort on your part. Once encryption is enabled, the NCache client automatically starts encrypting your objects before sending them to the cache cluster. And, it automatically decrypts objects fetched from the cache before delivering them to your application.

You provide the encryption key that NCache uses. It is kept, in encrypted form, inside the NCache security configuration files at each cache server. The encryption key is automatically sent to clients, to be used in memory, upon a successful connection.

Cache Security: Authentication

NCache security ensures that only authorized users are granted access, either for cache usage or for administration. All other connections are rejected. The NCache security mechanism works with any LDAP-supported directory service. All users are authenticated against the LDAP directory.

When NCache security is enabled, all connections to the cache cluster must first be authenticated against the LDAP directory at the cache server.

You need to provide credentials at the time of establishing a connection to the cache. These credentials include your User Name, Distinguished Name (DN) and Password. If your credentials are not authenticated, your connection request is denied. You need to specify user credentials in the following places:

NCache client configuration files

The security config file can be used to enable security for your cache cluster. It requires you to enter the required credentials, such as a domain controller, user id, and a distinguished name (dn), as shown below.

<security enable-security="True" domain-controller="yourdomain.org" port="389">
  <user id="john_smith" dn="CN=John Smith,OU=admin,DC=yourdomain,DC=org"/>
  <user id="david_watson" dn="CN=David Watson,OU=admin,DC=yourdomain,DC=org"/>
</security>

To get a detailed idea of how to populate the config file according to your requirements, refer to Cache Config.
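
A small offline check for the security section shown above, added here as an illustration; it is not part of NCache or its tooling. It assumes the element and attribute names exactly as they appear in the sample, the input is constructed, and the rule that a user's DC= components should match the domain-controller value is a heuristic assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format shown above. The second user has a trailing
# space inside dn and the third repeats an id, to exercise the checks.
SAMPLE = '''<security enable-security="True" domain-controller="yourdomain.org" port="389">
  <user id="john_smith" dn="CN=John Smith,OU=admin,DC=yourdomain,DC=org"/>
  <user id="david_watson" dn="CN=David Watson,OU=admin,DC=yourdomain,DC=org "/>
  <user id="john_smith" dn="CN=J Smith,OU=ops"/>
</security>'''

def dn_domain(dn):
    """Join the DC= components of a DN into a DNS-style name ('' if none)."""
    parts = [p.strip() for p in dn.split(",")]  # simple split: no escaped commas
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()

def audit_security_config(xml_text):
    """Return a list of findings for one <security> element."""
    sec = ET.fromstring(xml_text)
    findings = []
    if sec.get("enable-security", "").strip().lower() != "true":
        findings.append("enable-security is not True: connections are not authenticated")
    controller = sec.get("domain-controller", "").strip().lower()
    if not controller:
        findings.append("domain-controller is empty")
    if sec.get("port", "").strip() == "389":
        findings.append("port 389 is the standard LDAP port (cleartext unless StartTLS is used)")
    seen = set()
    for user in sec.findall("user"):
        uid, dn = user.get("id", ""), user.get("dn", "")
        if not uid or not dn:
            findings.append(f"user entry missing id or dn: {uid or dn!r}")
            continue
        if uid in seen:
            findings.append(f"duplicate user id: {uid}")
        seen.add(uid)
        if dn != dn.strip():
            findings.append(f"dn for {uid} has leading/trailing whitespace")
        domain = dn_domain(dn)
        # Heuristic (assumption): the controller is the domain or a host inside it.
        if controller and not (domain and (controller == domain or controller.endswith("." + domain))):
            findings.append(f"dn for {uid} is outside domain {controller}")
    return findings

if __name__ == "__main__":
    for finding in audit_security_config(SAMPLE):
        print("-", finding)
```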

Calling GetCache() API from your application

You can enable security by calling the GetCache() method from your application. This method requires you to enter your user name and password for authentication. An example of how to call this method with the required user credentials is shown below:

using Alachisoft.NCache.Client;

CacheConnectionOptions cacheConnectionOptions = new CacheConnectionOptions();

// Required Connection Options Here

// Specify User Credentials to Enable Security Through GetCache API
cacheConnectionOptions.UserCredentials = new Credentials("john_smith", "password");

ICache cache = CacheManager.GetCache("myCache", cacheConnectionOptions);

To get acquainted with how to use the NCache.GetCache() method to enable security in your application, please refer to our API reference guide on GetCache.

In NCache Web Manager for administering the cache

Security can be easily enabled through NCache Web Manager against a cache cluster. You need to provide your Domain Controller, Search Base, User Name, User DN and Password in the screen shown below to successfully enable security for the cache.

[Screenshot: NCache Web Manager]

To get a detailed walk-through on how to specify security credentials from NCache Web Manager, please refer to the steps provided in the Configure Security for Cache Cluster section.

NCache keeps your password in the NCache configuration files and NCache Web Manager wherever you specify it.

Cache Security: Authorization

After NCache authenticates a connection to the cache successfully, it checks the NCache security configuration files at the cache server to authorize this connection. Each connection to the cache is categorized as one of the following:

  1. User for Cache Security: These users are authorized to perform cache level operations. A "user" is defined at cache level and is populated in cache.config.
  2. User for Node Security: These users are authorized to perform any management and configuration related operations on a cluster node. This "user" is defined at cache server level and is populated in the security.config file.

You can specify authorization information through NCache management tools at the time of enabling security. You can then add additional "users" or "admins" to the security authorization as needed.


© Copyright Alachisoft 2002 - . All rights reserved.