Configure Security for Cache Cluster

Note

This feature is only available in NCache Enterprise Edition.

In order to configure security for NCache Web Manager, you need to provide valid domain information of LDAP directories (primary as the mandatory domain and secondary as optional for fault tolerance).

Follow the steps provided below to configure Web Manager security.

Configure Security for Web Manager

  • Launch NCache Web Manager by browsing to http://localhost:8251 or <server-ip>:8251 on Windows and Linux.

  • In the right corner, click on Settings Icon to open Manager Settings.

  • From the left bar, click on Manager Security.

  • Provide the valid credentials for your LDAP directory like name of Domain Controller, Secondary Domain Controller (optional), Search Base, Port (optional), User Name, User DN and Password.

NCache Web Manager Security

  • Click on Verify Settings. If settings are verified, you will be prompted with a success message. Click on Apply.
Important

If node level security is enabled, you will not be able to add security on any cache containing that node unless you provide that node's admin credentials.

Configure Cache Level Security

After you have created cache, API level security for the cache cluster can be configured in following ways:

Using NCache Web Manager

  • In the left navigation bar, click on Clustered Caches or Local Caches, based on the cache to configure.

  • Against the cache name, click on View Details.

View Details

  • This opens up the detailed configuration page for the cache. Go to the Advanced Settings tab and click on Security and Encryption in the left bar.

  • Under Security, check the box Enable Security.

Enable NCache Security

  • Expand the Domain Users list which will display all users under the search base you entered previously. Select the respective users from Domain Users by clicking on > button.

Domain Users

  • Click on Save Changes to apply the configurations to cache.
  • This adds security for the respective cache, which is also saved in config.ncconf under the <security> tag.

Using PowerShell

Add-CacheSecurity cmdlet configures server cache level security.

Note

To enable security for the first time, there must be at least one user in the administrator's list. To add a user for the first time, local admin credentials are used.

The following command enables cache security against user john_smith for demoClusteredCache where the primary domain controller is yourprimarydomain.

Add-CacheSecurity -EnableSecurity -UserID john_smith -Password mypassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -Server 20.200.20.11 -Name demoClusteredCache

The following command lets you add more users to the secured users list on the node 20.200.20.11 having yourprimarydomain as the primary LDAP controller. 

Add-CacheSecurity -AddUser -UserID john_smith -Password mypassword -NewUser david_watson -NewUserDN "CN=David Watson,OU=admin,DC=yourdomain,DC=org" -NewUserPassword userpassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -Server 20.200.20.11 -Name demoClusteredCache

Using Cache Config File

You can add cache level security using the config.ncconf file shipped at %NCHOME%/config. Populate the security section in this file with the LDAP host and admin information as follows:

<security enable-security="True">
  <ldap host="yourprimarydomain" port="389"/>
  <ldap-secondary host="yoursecondarydomain" port="389"/>
  <user id="john_smith" dn="CN=John Smith,OU=admin,DC=yourdomain,DC=org"/>
</security>

See Also

Configure Security for Cache
Configure Security for Client Nodes
Configure Encryption for Cache
Configure SSL/TLS Encryption in NCache