SSL protects your data in transit between applications by ensuring that only the applications identified by you can share cluster data.
To be secure, the data that is cached in a Geode system must be protected during storage, distribution, and processing. At any time, data in a cluster may be in one or more of these locations:
- In memory
- On disk
- In transit between processes (for example, in an internet or intranet)
For the protection of data in memory or on disk, Geode relies on your standard system security features such as firewalls, operating system settings, and JDK security settings.
The SSL implementation ensures that only the applications identified by you can share cluster data in transit. In this figure, the data in the visible portion of the cluster is secured by the firewall and by security settings in the operating system and in the JDK. The data in the disk files, for example, is protected by the firewall and by file permissions. Using SSL for data distribution provides secure communication between Geode system members inside and outside the firewalls.
You configure SSL for mutual authentication between members and to protect your data during distribution. You can use SSL alone or in conjunction with the other Geode security options.
A simple example demonstrates the configuration and startup of Geode system components with SSL.