
Cache Security in NCache: An Overview

Note

This feature is only available in NCache Enterprise Edition.

A distributed cache operates in an environment that many different users can reach. Without restrictions, any of them can change the cache configuration, perform any management operation, or access the cache data. Cache security matters when you are dealing with critical data, or when you want only a list of authorized users to have administrative access rights to your cache server.

All users are authenticated against a directory service that supports LDAP authentication. NCache supports two LDAP domain controllers (primary and secondary) to ensure fault tolerance in your management and API level operations. The primary domain controller is mandatory for enabling security, whereas the secondary controller is optional. If your data is sensitive enough that you cannot afford to have the primary domain controller inactive, you can register a secondary controller. If your primary controller goes down, all security authentications are handled by the secondary controller.

NCache provides you with a security feature with different levels of granularity that you can implement as per your requirements.

Security Access Levels

The NCache security feature applies security at two distinct access levels:

  • Administrative/Management Level
  • Cache API Level

These levels of security are intended to secure both management and client level access to your cache. By default, the security feature is disabled for both access levels. You can enable security by providing the parameters mentioned in the Properties section.

Administrative/Management Level Security

Management level security in NCache ensures that a remote cluster node is protected from any unauthorized user access. It is used to validate authorized users who have access to perform any management and configuration related operation on a cluster node.

To secure an entire multi-node cache cluster, you must enable security on each individual node of the cluster.

Administrative tools such as the Manager and the PowerShell tools are integrated with the security framework and let you perform operations in a secured environment.

To learn how to configure security on a node, see Configuring Security in NCache Administrators' guide.

Benefits of Enabling Management Level Security

Once you configure management level security on your server node and grant administrative permissions to a few users, no users other than those specified can perform management operations on your node, such as:

  • Create new cache
  • Remove existing cache
  • Start cache
  • Stop cache
  • Restart cache
  • Save configuration changes

Privileged System Administrator

The list of authorized users is added in security.ncconf. Administrators of that machine can enable security. Users other than those configured as your machine administrators are not permitted to perform any management related operation on your machine. There is one exception: administrative permissions are granted if the user is a local system administrator on that machine.

Note

Privileged System Administrator is only applicable for Windows.

A local Windows administrator always has administrative rights and permissions, whether the management operation is performed locally or from any other server node using local Windows credentials.

Cache API Level Security

Cache API level security in NCache ensures that cache data is protected from any unauthorized user access. It is used to validate authorized users who try to establish a connection with the cache via the NCache API. By enabling cache level security, you can control whether all or only some clients can access the cluster cache data for reading or writing. Only clients verified as valid and authenticated users are allowed to perform cache level operations.

To learn how to configure security on a cache, see Configuring Security for Cache in NCache Administrators' guide.

Benefits of Enabling API Level Security

Once you configure cache level security on a cache, no users other than those specified to have API authorization will have access to perform any cache operations on the cache such as:

  • Connect to cache
  • Get data
  • Add data
  • Remove/update data etc.

If security is enabled on a cache, then credentials must be provided along with the GetCache call to establish a connection. For every cache, this list of authorized users is maintained in the <cache-settings> section of config.ncconf.
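The checks described on this page, modelled as an added example (not NCache code and not from the original page): a login is verified by the primary domain controller, the secondary is consulted only when the primary is down, and an authenticated user must still appear on the cache's authorized-user list. The controller class, function names and sample accounts are constructed, and treating a rejection by the primary as final is an assumption.

```python
# Added illustration; not NCache code. Domain controllers are simulated in memory.
from dataclasses import dataclass


class ControllerUnavailable(Exception):
    """Raised when a domain controller cannot be reached."""


@dataclass
class FakeController:
    """Constructed stand-in for an LDAP domain controller."""
    name: str
    users: dict          # user name -> password (constructed sample data)
    up: bool = True

    def bind(self, user, password):
        if not self.up:
            raise ControllerUnavailable(self.name)
        return user in self.users and self.users[user] == password


def authenticate(user, password, primary, secondary=None):
    """Return the name of the controller that verified the user, else None."""
    for controller in (primary, secondary):
        if controller is None:
            continue  # the secondary controller is optional
        try:
            accepted = controller.bind(user, password)
        except ControllerUnavailable:
            continue  # only an outage moves on to the next controller
        # Assumption: a definite answer is final, so a rejection by the
        # primary is never retried against the secondary.
        return controller.name if accepted else None
    return None  # no controller reachable: fail closed


def can_access_cache(user, password, authorized_users, primary, secondary=None):
    """True only if a controller verified the login AND the user is listed."""
    if authenticate(user, password, primary, secondary) is None:
        return False
    return user in authorized_users


# Constructed sample accounts and per-cache authorized list.
SAMPLE_USERS = {"john_smith": "yourpassword", "jane_doe": "another-password"}
SAMPLE_AUTHORIZED = {"john_smith"}
```
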

Properties

You can enable security by providing the following credentials:

| Parameters | Description | Example |
|---|---|---|
| Domain Controller | Primary server responsible for security authentication. | yourprimarydomain |
| Secondary Domain Controller | Secondary server responsible for security authentication if the primary is not available. | yoursecondarydomain |
| Search Base | A string responsible for populating domain users in the web manager. | OU=admin, DC=yourdomain, DC=org |
| Port | Port number on which the domain controller is running. | 389 |
| User Name | ID of the user. | john_smith |
| User DN | DN is a distinguished name used to specify a user's position in the file system. Actions like add/remove user and enable/disable security require User DN. | CN=John Smith, OU=admin, DC=yourdomain, DC=org |
| Password | A secured string used to authorize a user's credentials. | yourpassword |

See Also

Configuring Security
How to use Security in NCache?
NCache Data Encryption

Copyright © 2017 Alachisoft