How really secure Percona cluster?

MySQL & MariaDB Percona XtraDB Cluster 5.x
1

Hi forum,

Setup: 3-node cluster, 60KM node-to-node distance, hosted at different providers, communicating over untrusted networks.

A little sniffing at port 4567 revealed a lot of readable information. Information / data is clearly visible.

Sure we know how to tunnel over SSL/SSH or how to use VPN connections, but that’s not an easy to manage/maintain way of securing and it makes the cluster configuration more complex - and by making it more complex it’s more likely eventually something will go wrong.

I couldn’t find much about this; all results refer to securing MySQL which is not the point since MySQL in our setup will only be access from localhost.

Any clues on this?

Regards,
Joep

2

Hi,

Percona XtraDB Cluster (Galera) supports SSL to encrypt the inter-node traffic. Please, check this link:

[URL]http://www.codership.com/wiki/doku.php?id=ssl_support[/URL]

Regards.

3

Hi,

Thanks! Works like a charm. Hard to find anything about the subject because it’s a Galera property, not Percona. The last barrier; securing the SST. Do you have any hints on that?

Regards,
Hidde