Overview of BigMemory Max Security
Security can be applied to both authentication (such as login credentials) and authorization (the privileges of specific roles).
We recommend that you plan and implement a security strategy that encompasses all of the points of potential vulnerability in your environment, including, but not necessarily limited to, your application servers (Terracotta clients), Terracotta servers in the TSA, the Terracotta Management Console (TMC), and any BigMemory .NET or C++ clients.
Note: Terracotta does not encrypt the data on its servers, but applying your own data encryption is another possible security measure.
Scope of the SSL documentation
SSL and Java Security configuration is complex and very environment specific. This documentation assumes that you already have a working SSL configuration, and that you wish to add Terracotta to that configuration. Introducing SSL and Java Security into an environment where there was previously no SSL or Java security is outside the scope of this documentation.
The documentation assumes that you have a solid understanding of SSL, Java Security, and related concepts. There are many freely accessible documents on the web to guide you in learning and understanding SSL and Java Security; typical terms to search for are public key certificate, transport layer security (TLS) and the keytool utility.
Some of the descriptions in the following sections give examples of how you can use third party tools to help you set up your environment. These tools are widely used in the context of Java Security and are extensively documented on the web site of the tool supplier. In such cases, we do not attempt to document all possible options of the tools and limit ourselves to mentioning just the options required.
Note: All commands or sequences of commands in the following descriptions for setting up the security configuration are intended as OUTLINES ONLY that describe the basics of getting SSL configured. The setups will generally NOT work out-of-the-box, since each customer has unique requirements. If you try to copy and paste the examples, your setup will probably not be valid. Therefore you should take the outlines only as a rough guide to what you need to do, and tailor the outlines to suit your own particular configuration.
Securing the Terracotta Cluster and Components
Terracotta Server Array (TSA) using SSL, LDAP, JMX. See:
Terracotta Client (your application). See:
Terracotta Management Console (TMC). See:
The Terracotta Management Console User Guide.
BigMemory Max security using JMX Authentication. See:
BigMemory .NET and C++ clients. See:
The Cross-Language Clients User Guide.