How to really secure a Percona cluster?

Hi forum,

Setup: 3-node cluster, 60KM node-to-node distance, hosted at different providers, communicating over untrusted networks.

A little sniffing at port 4567 revealed a lot of readable information. Information / data is clearly visible.

Sure, we know how to tunnel over SSL/SSH or how to use VPN connections, but that’s not an easy-to-manage/maintain way of securing, and it makes the cluster configuration more complex - and by making it more complex it’s more likely that eventually something will go wrong.

I couldn’t find much about this; all results refer to securing MySQL, which is not the point since MySQL in our setup will only be accessed from localhost.

Any clues on this?

Regards,
Joep

Hi,

Percona XtraDB Cluster (Galera) supports SSL to encrypt the inter-node traffic. Please check this link:

http://www.codership.com/wiki/doku.php?id=ssl_support

Regards.
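
As an added illustration (not part of the reply above and not taken from the linked wiki page), this is roughly what enabling Galera's SSL for the replication traffic on port 4567 looks like in `my.cnf`. The host names, file paths and provider library location are placeholders; the same key and certificate settings are assumed on all three nodes.

```ini
# Added example; every path and host name below is a placeholder.
[mysqld]
# Placeholder location of the Galera provider library.
wsrep_provider = /usr/lib/libgalera_smm.so
# Placeholder node addresses for the 3-node cluster.
wsrep_cluster_address = gcomm://node1.example,node2.example,node3.example

# Before: no socket.ssl_* options are set, so group communication on
# port 4567 travels in plaintext and is readable to anyone on the path.
# wsrep_provider_options = ""

# After: Galera wraps inter-node connections in SSL using this key pair.
# The key file should be readable only by the account mysqld runs as.
wsrep_provider_options = "socket.ssl_key=/etc/mysql/galera/key.pem;socket.ssl_cert=/etc/mysql/galera/cert.pem"
```

After the nodes are restarted with these settings, repeating the capture on port 4567 is the direct check that the payload is no longer readable. This covers only the replication channel; SST runs separately and is not encrypted by these options.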

Hi,

Thanks! Works like a charm. Hard to find anything about the subject because it’s a Galera property, not Percona. The last barrier: securing the SST. Do you have any hints on that?

Regards,
Hidde