-
1. Re: Security Within a Cluster
belaban Jun 9, 2009 4:55 AM (in response to vsmadmin)You cannot use SSL sockets directly, but you could add the ENCRYPT protocol [1] to your JGroups config. This is better than SSL sockets, which are slow as endpoints, and in line with SUN's recommendation to use SSLEngine rather than SSL sockets.
[1] http://www.jboss.org/community/wiki/JGroupsENCRYPT -
2. Re: Security Within a Cluster
vsmadmin Jun 9, 2009 5:16 AM (in response to vsmadmin)Just what I was after, thanks for that :)
Chris -
3. Re: Security Within a Cluster
vsmadmin Jun 9, 2009 5:22 AM (in response to vsmadmin)oh sorry I missed a bit, I have a frontend and a middleware layer, this will give secure communications for the cluster (middleware) how do I encrypt the messages between the frontend and the middleware?
Chris -
4. Re: Security Within a Cluster
belaban Jun 9, 2009 7:18 AM (in response to vsmadmin)ENCRYPT is only used to encrypt clustering traffic between the cluster nodes.
If you want encryption between clients and JBoss AS, then you have to pick the SSL invoker, see the JBoss docs for the how-to -
5. Re: Security Within a Cluster
vsmadmin Jun 9, 2009 8:52 AM (in response to vsmadmin)"bela@jboss.com" wrote:
ENCRYPT is only used to encrypt clustering traffic between the cluster nodes.
If you want encryption between clients and JBoss AS, then you have to pick the SSL invoker, see the JBoss docs for the how-to
That's not quite the setup I have... it's like this...clients-->SSL-->frontend-->middleware-->mySQL cluster
everything past the frontend is inside the Amazon EC" system, but I don't want machines internal to C2 trying to snoop traffic, so I want to encrypt it.
I have SSL between the client out on the internet and the frontend, and I can now secure the middleware machines talking to each other, but I want the communication between the frontend jboss and the middleware to be secure/encrypted as well.
Chris -
6. Re: Security Within a Cluster
brian.stansberry Jun 9, 2009 12:21 PM (in response to vsmadmin)What is the traffic between the "front end" and the "middleware"? EJB invocations?
-
7. Re: Security Within a Cluster
vsmadmin Jun 10, 2009 3:40 AM (in response to vsmadmin)"bstansberry@jboss.com" wrote:
What is the traffic between the "front end" and the "middleware"? EJB invocations?
Hiya, thanks for the reply.
Yes, they are boss just JBoss instances, in development they are all in
/opt/jboss/server/default/deploy
but on our production systems they are on different machines, the frontends are stateful and the middleware is stateless.
Chris -
8. Re: Security Within a Cluster
brian.stansberry Jun 11, 2009 3:18 PM (in response to vsmadmin)For securing the transports used for EJB invocations, see
http://www.jboss.org/community/docs/DOC-11987 for EJB2
and
http://docs.jboss.org/ejb3/app-server/reference/build/reference/en/html/transport.html for EJB3. -
9. Re: Security Within a Cluster
vsmadmin Jun 12, 2009 4:40 AM (in response to vsmadmin)That's just what I wanted, thanks a lot
Chris