Security & Encryption in Distributed Cache - NCache

Security and Encryption in NCache

NCache provides a robust set of security features designed to protect distributed caching environments without compromising performance. For instance, the Access Controls it offers let you define user permissions for specific caches and nodes, ensuring that only authorized users can perform certain operations. Additionally, LDAP Integration enables centralized authentication, making it easier to manage secure access across the system.

Moreover, to protect sensitive data, Data Encryption secures it both in memory and during transmission using algorithms like AES, 3DES, and AES FIPS. However, it does come with an added performance cost. For more efficient network security, TLS Encryption secures communication between clients, servers, and bridges with less overhead, and allows you to choose which communication paths to protect. Additionally, HTTPS Support secures access to the NCache Management Center on both Windows and Linux using TLS certificates, ensuring safe and encrypted administrative access.

  1. Secured Connections to Cache via TLS
  2. Data Encryption by Cache Client
  3. Authentication and Authorization

NCache Data Encryption Feature

All the ways that NCache provides security are explained below:

Secured Connections to Cache via TLS

NCache supports powerful security features that require no code change to protect your data and network transmission from unauthorized access.

Transport Layer Security (TLS) encryption secures data exchange between servers and clients, different servers, caches, and bridges. You can use any issued or self-signed certificate for connections with the client(s), and you can also enable TLS on component-to-component connections in NCache. TLS guarantees that data is encrypted in transit; it is separate from the client-side Data Encryption feature described below.

NCache supports secure (encrypted and authenticated) communications using the TLS 1.2 or 1.3 security protocols. This is the same protocol used for HTTPS communications.

To configure TLS encryption in Windows or Linux, follow the documentation on Configure TLS Encryption in NCache.
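
To confirm the result after enabling TLS, the following PowerShell function (an added example, not part of the NCache documentation or tooling) connects to a cache server port and reports the negotiated protocol and certificate details. The function name `Test-CacheServerTls` is hypothetical, the port must come from your own NCache configuration, and the check assumes the server begins the TLS handshake immediately on connect.

```powershell
function Test-CacheServerTls {
    param(
        [Parameter(Mandatory)][string]$Server,  # e.g. 20.200.20.40, as in the commands on this page
        [Parameter(Mandatory)][int]$Port,       # assumption: the TLS-enabled port of your deployment
        [int]$TimeoutMs = 5000
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        if (-not $client.ConnectAsync($Server, $Port).Wait($TimeoutMs)) {
            throw "TCP connect to ${Server}:$Port timed out"
        }
        # Accept every certificate during the handshake so that self-signed
        # certificates can be inspected; trust is evaluated and reported below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($Server)
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
            $protocol = "$($ssl.SslProtocol)"
            [pscustomobject]@{
                Endpoint      = "${Server}:$Port"
                Protocol      = $protocol
                # The page states that NCache supports TLS 1.2 or 1.3.
                ProtocolOk    = ($protocol -in @('Tls12', 'Tls13'))
                Subject       = $cert.Subject
                # Self-signed certificates have identical subject and issuer.
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                # Basic chain validation against this machine's trust store
                # (does not check that the name matches $Server).
                ChainTrusted  = $cert.Verify()
                NotAfter      = $cert.NotAfter
                DaysRemaining = [int]($cert.NotAfter - (Get-Date)).TotalDays
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Dispose() }
}

# Constructed usage; replace <tls-port> with the port your deployment uses.
# Test-CacheServerTls -Server 20.200.20.40 -Port <tls-port>
```

A self-signed certificate reports `SelfSigned = True` and `ChainTrusted = False` unless it has been imported into the trust store of the machine running the check.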

Data Encryption by Cache Client

If your application deals with confidential and sensitive data that you want to secure, and you're using an in-memory distributed cache, you need to ensure that your distributed cache protects this sensitive data from unwanted access through encryption.

NCache provides a rich set of encryption algorithms you can choose from:

  1. 3DES-128
  2. 3DES-192
  3. AES-128
  4. AES-192
  5. AES-256
  6. AES-FIPS 128
  7. AES-FIPS 192
  8. AES-FIPS 256

NCache data encryption and decryption occur inside the NCache client application process. Hence, all data traveling over the network between your application and the cache cluster is already encrypted. Similarly, only encrypted data is stored in the cache store. You provide an encryption key that NCache uses, which is kept inside NCache security configuration files at each cache server in an encrypted manner. The encryption key is automatically sent to clients to be used in memory upon a successful connection.

You can enable encryption through the NCache Management Center without any programming effort on your part. Once encryption is enabled, the NCache client automatically starts encrypting your objects before sending them to the cache cluster. And, it automatically decrypts objects fetched from the cache before delivering them to your application.

Authentication and Authorization

NCache provides security with authentication and authorization built into the product. NCache categorizes the users based on the two different levels of security as follows:

  1. Node Administrators: Node Administrators are super-users with full control over the cache. They can create, modify, and remove caches, as well as perform any cache management tasks. They have the ability to save or discard security configurations and can inherit the capabilities of Cache Users to interact with caches using the NCache API.
  2. Cache Users: If you want to restrict users to only cache API access without node management privileges, you can configure them as Cache Users, limiting them to data operations like Add, Remove, Update, and Retrieve through the relevant APIs on the cache they have access to. However, if you prefer all users to have full access to perform operations on the node and the configured caches, there's no need to set up Cache Users, as Node Administrators already have complete control over the cache.

Authentication

NCache security ensures that only authorized users are granted access either for cache usage or for administration. All other connections are rejected. The NCache security mechanism works with any LDAP-supported Directory Services. When NCache security is enabled, all connections to the cache cluster must first be authenticated against the LDAP Directory at the cache server.

You need to provide credentials at the time of establishing a connection to the cache. These credentials include your User Name, Distinguished Name (DN), Password, etc. If your credentials are not authenticated, your connection request is denied. You need to specify user credentials in the following places based on the security level. For further details please refer to the NCache Documentation.

  • Node Administrators: Add the node administrators as follows:

    Add-NCacheUserOrGroup -Server 20.200.20.40 -AccessLevel Admin -AdminCredentials (Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController 20.200.23.100

    Then enable security as shown below:

    Enable-NCacheSecurity -Server 20.200.20.40 -AdminCredentials (Get-Credential john_smith) -WriteCredentialsToServiceConfig

    You can also configure node level security using the NCache Management Center.

  • Cache Users:

    You've successfully secured your node and its caches. As previously discussed, to restrict certain users to cache operations without full management rights, add them as Cache Users. Use the same cmdlet as for Node Administrators, specifying AccessLevel as Cache and CacheName (the name of the cache you want the user to access). Run the following command:

    Add-NCacheUserOrGroup -Server 20.200.20.40 -AccessLevel Cache -CacheName demoCache -AdminCredentials (Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController 20.200.23.100 -EnableSecurity Yes

    You can also configure the credentials programmatically. An example of passing the required user credentials to CacheManager.GetCache is shown below:

    using Alachisoft.NCache.Client;

    // Specify cache name and user credentials.
    // The literals are for illustration only; in a real deployment, load them
    // from configuration or a secret store instead of hard-coding them.
    string cacheName = "demoCache";
    string userId = "userid";
    string password = "mypassword";

    // Initialize the CacheConnectionOptions
    var options = new CacheConnectionOptions();

    // Enter the credentials
    options.UserCredentials = new Credentials(userId, password);

    // Connect to the cache using the security credentials
    ICache cache = CacheManager.GetCache(cacheName, options);

Authorization

After NCache authenticates a connection to the cache successfully, it checks NCache configuration files at the cache server to authorize this connection. Once a connection is authenticated against the active directory, it is authorized either from the security.ncconf file or the client.ncconf based on whether you are using node level or cache level security, respectively.

© Copyright Alachisoft 2002 - . All rights reserved. NCache is a registered trademark of Diyatech Corp.