BigMemory 4.4.0 | Product Documentation | BigMemory Max Security Guide | Overview of BigMemory Max Security
 
Overview of BigMemory Max Security
Security can be applied to both authentication (such as login credentials) and authorization (the privileges of specific roles).
We recommend that you plan and implement a security strategy that encompasses all of the points of potential vulnerability in your environment, including, but not necessarily limited to, your application servers (Terracotta clients), Terracotta servers in the TSA and the Terracotta Management Console (TMC).
Note:
Terracotta does not encrypt the data on its servers, but applying your own data encryption is another possible security measure.
Scope of the SSL documentation
SSL and Java Security configuration is complex and very environment specific. This documentation assumes that you already have a working SSL configuration, and that you wish to add Terracotta to that configuration. Introducing SSL and Java Security into an environment where there was previously no SSL or Java security is outside the scope of this documentation.
The documentation assumes that you have a solid understanding of SSL, Java Security, and related concepts. There are many freely accessible documents on the web to guide you in learning and understanding SSL and Java Security; typical terms to search for are public key certificate, transport layer security (TLS) and the keytool utility.
Some of the descriptions in the following sections give examples of how you can use third-party tools to help you set up your environment. These tools are widely used in the context of Java Security and are extensively documented on the web site of the tool supplier. In such cases, we do not attempt to document all possible options of the tools and limit ourselves to mentioning just the options required.
Note:
All commands or sequences of commands in the following descriptions for setting up the security configuration are intended as OUTLINES ONLY that describe the basics of getting SSL configured. The setups will generally NOT work out-of-the-box, since each customer has unique requirements. If you try to copy and paste the examples, your setup will probably not be valid. Therefore you should take the outlines only as a rough guide to what you need to do, and tailor the outlines to suit your own particular configuration.
Securing the Terracotta Cluster and Components
* Terracotta Server Array (TSA) using SSL, LDAP, JMX. See:
  * Introduction to Security
  * About Security in a Cluster
  * Setting Up Server Security
  * Setting Up a TSA to Use the Terracotta Management Server
  * Using LDAP or Active Directory for Authentication
  * Using Encrypted Keychains
* Terracotta Client (your application). See:
  * Enabling SSL on Terracotta Clients
  * Using Encrypted Keychains
  * Serialization: Securing Against Untrusted Clients
* Terracotta Management Console (TMC). See:
  * The Terracotta Management Console User Guide.
* BigMemory Max security using JMX Authentication. See:
  * Configuring Security Using JMX Authentication.