Securing Ignite

classic Classic list List threaded Threaded
5 messages Options
Aleksei Valikov Aleksei Valikov
Reply | Threaded
Open this post in threaded view
|

Securing Ignite

Hi,

I'm considering Apache Ignite for a distributed computing application. I have a question about security.

We'll have a central node which will run all the time (the application server) and a number of nodes which will join/leave the cluster in the runtime (we'll use AWS to add new computing resources on demand). I guess we'll need to use the static IP-based discovery for this scenario.

As I read the configuration right now, any server in my VPC which knows the IP address of the central node will be able to connect to the Ignite cluster and accept tasks/jobs. This feels quite insecure - basically anyone in VPC would be able to get the data from the tasks/jobs.

How could I make it secure?

I've found the following post:


This is a step into the right direction. However, whitelisting IPs is not an option in case of dynamic IP addresses (which we probably have in AWS).

So I'd like to ask for advice on how to secure the Ignite cluster, for instance with some pre-shared secret. Is there any support for this OOTB?

Many thanks and best wishes,
Alexey
Ognen Duzlevski Ognen Duzlevski
Reply | Threaded
Open this post in threaded view
|

Re: Securing Ignite

Aleksei, VPC is by default private, no? You can always have a separate subnet within the VPC that you deploy all your on-demand Ignite nodes into, together with your "always on" node - combined with some simple iptables rules, this should be sufficient. You can expose the functionality of your cluster via REST API where you can control access to the whole thing (submitting jobs, asking for data etc.) via passwords, shared secrets, public/private keys etc. The exposed REST point can be a separate machine or set of machines running something like Scalatra (with/without Akka) that is not in the same subnet but is allowed to connect to the Ignite subnet as a client - you can make this node have a static IP (or you can have a different subnet where this node is that is only allowed to connect to the Ignite subnet) and only allow it to connect to your cluster...

On Thu, Jul 30, 2015 at 9:37 AM, Aleksei Valikov <[hidden email]> wrote:
Hi,

I'm considering Apache Ignite for a distributed computing application. I have a question about security.

We'll have a central node which will run all the time (the application server) and a number of nodes which will join/leave the cluster in the runtime (we'll use AWS to add new computing resources on demand). I guess we'll need to use the static IP-based discovery for this scenario.

As I read the configuration right now, any server in my VPC which knows the IP address of the central node will be able to connect to the Ignite cluster and accept tasks/jobs. This feels quite insecure - basically anyone in VPC would be able to get the data from the tasks/jobs.

How could I make it secure?

I've found the following post:


This is a step into the right direction. However, whitelisting IPs is not an option in case of dynamic IP addresses (which we probably have in AWS).

So I'd like to ask for advice on how to secure the Ignite cluster, for instance with some pre-shared secret. Is there any support for this OOTB?

Many thanks and best wishes,
Alexey

Aleksei Valikov Aleksei Valikov
Reply | Threaded
Open this post in threaded view
|

Re: Securing Ignite

Hi,

we have a rather large (company-wide) VPC, we're basically couple our own datacenters with a private AWS cluster.
The central application server is (an must be) open in the intranet so we probably can't protect it just by subnetting.
Thank you, I'll try to understand your suggestion.

Best wishes,
Alexey

On Thu, Jul 30, 2015 at 6:17 PM, Ognen Duzlevski <[hidden email]> wrote:
Aleksei, VPC is by default private, no? You can always have a separate subnet within the VPC that you deploy all your on-demand Ignite nodes into, together with your "always on" node - combined with some simple iptables rules, this should be sufficient. You can expose the functionality of your cluster via REST API where you can control access to the whole thing (submitting jobs, asking for data etc.) via passwords, shared secrets, public/private keys etc. The exposed REST point can be a separate machine or set of machines running something like Scalatra (with/without Akka) that is not in the same subnet but is allowed to connect to the Ignite subnet as a client - you can make this node have a static IP (or you can have a different subnet where this node is that is only allowed to connect to the Ignite subnet) and only allow it to connect to your cluster...

On Thu, Jul 30, 2015 at 9:37 AM, Aleksei Valikov <[hidden email]> wrote:
Hi,

I'm considering Apache Ignite for a distributed computing application. I have a question about security.

We'll have a central node which will run all the time (the application server) and a number of nodes which will join/leave the cluster in the runtime (we'll use AWS to add new computing resources on demand). I guess we'll need to use the static IP-based discovery for this scenario.

As I read the configuration right now, any server in my VPC which knows the IP address of the central node will be able to connect to the Ignite cluster and accept tasks/jobs. This feels quite insecure - basically anyone in VPC would be able to get the data from the tasks/jobs.

How could I make it secure?

I've found the following post:


This is a step into the right direction. However, whitelisting IPs is not an option in case of dynamic IP addresses (which we probably have in AWS).

So I'd like to ask for advice on how to secure the Ignite cluster, for instance with some pre-shared secret. Is there any support for this OOTB?

Many thanks and best wishes,
Alexey


dsetrakyan dsetrakyan
Reply | Threaded
Open this post in threaded view
|

Re: Securing Ignite

In reply to this post by Aleksei Valikov


On Thu, Jul 30, 2015 at 7:37 AM, Aleksei Valikov <[hidden email]> wrote:
Hi,

I'm considering Apache Ignite for a distributed computing application. I have a question about security.

We'll have a central node which will run all the time (the application server) and a number of nodes which will join/leave the cluster in the runtime (we'll use AWS to add new computing resources on demand). I guess we'll need to use the static IP-based discovery for this scenario.

Either static IP [1] or AWS-based discovery [2].

 
I've found the following post:

This is a step into the right direction. However, whitelisting IPs is not an option in case of dynamic IP addresses (which we probably have in AWS).

So I'd like to ask for advice on how to secure the Ignite cluster, for instance with some pre-shared secret. Is there any support for this OOTB?
 
I think you will need to provide your own plugin provider, just like the blog post describes. However, instead of whitelisting IPs, you implement your GridSecurityProcessor with your own implementation of authenticateNode() method. 

You can implement it as you like, e.g. check username/password or authenticate a client or a node against an LDAP server or anything of the sort.
 

Many thanks and best wishes,
Alexey

Aleksei Valikov Aleksei Valikov
Reply | Threaded
Open this post in threaded view
|

Re: Securing Ignite

Hi,

thank you, Dmitriy.
Implementing the processor is surely an option, shouldn't even be complex. I just wondered if there was something OOTB.
I'll see if we could contribute this.

Best wishes,
Alexey

On Thu, Jul 30, 2015 at 9:39 PM, Dmitriy Setrakyan <[hidden email]> wrote:


On Thu, Jul 30, 2015 at 7:37 AM, Aleksei Valikov <[hidden email]> wrote:
Hi,

I'm considering Apache Ignite for a distributed computing application. I have a question about security.

We'll have a central node which will run all the time (the application server) and a number of nodes which will join/leave the cluster in the runtime (we'll use AWS to add new computing resources on demand). I guess we'll need to use the static IP-based discovery for this scenario.

Either static IP [1] or AWS-based discovery [2].

 
I've found the following post:

This is a step into the right direction. However, whitelisting IPs is not an option in case of dynamic IP addresses (which we probably have in AWS).

So I'd like to ask for advice on how to secure the Ignite cluster, for instance with some pre-shared secret. Is there any support for this OOTB?
 
I think you will need to provide your own plugin provider, just like the blog post describes. However, instead of whitelisting IPs, you implement your GridSecurityProcessor with your own implementation of authenticateNode() method. 

You can implement it as you like, e.g. check username/password or authenticate a client or a node against an LDAP server or anything of the sort.
 

Many thanks and best wishes,
Alexey