Configuring a Cassandra cluster for internal encryption
This content applies only to On-premises and Client-managed cloud environments
Protect data that is transferred internally between Decision Data Store (DDS) nodes in Pega Platform by using node-to-node encryption.
DDS nodes require node-to-node encryption.
- In the
prconfig.xmlfile, enable node-to-node encryption by setting the dnode/cassandra_internode_encryption property to true.For more information about the
prconfig.xmlfile, see Changing node settings by modifying the prconfig.xml file and Downloading a prconfig configuration file for a node.
- Configure the remaining
prconfig.xmlsettings.For more information about the
prconfig.xmlproperties for node-to-node encryption, see Prconfig properties for Cassandra cluster encryption.
- Create Java keystores and truststores along with SSL certificates.For more information, see Creating Java keystores and truststores for Cassandra encryption.
Note: If you do not create separate Java keystores and truststores for external encryption, Cassandra uses the keystores and trustores that you specify for internal encryption.
- Copy the
truststore.sharedfiles to the external Cassandra directory.
- In the
cassandra.yamlfiles, update the configuration with the file paths and passwords to the certificates.
- Restart Pega Platform for the changes to take effect.
Previous topic Creating Cassandra user roles with limited database access Next topic Prconfig properties for Cassandra cluster encryption