Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Securing Kafka and Cassandra JMX

Updated on July 5, 2022

Pega Platform uses JMX to communicate to the Kafka and Casandra processes. This communication can be secured by enabling certain settings in prconfig file.

Kafka and Cassandra JMX for non-Windows OS

Cassandra JMX authentication settings

  1. Open the prconfig.xml file.
  2. Add the following values:
    <!--
    Please provide username and password to enable jmx authentication
    for cassandra. To disable authentication, use blank values("").
    -->
    <env name="dnode/cassandra_jmx_username" value="c_jmx_user"/>
    <env name="dnode/cassandra_jmx_password" value="c_jmx_password"/>
    <!--
    This setting should be set to true (enabled) on first launch after
    hotfix installed and platform is restared.
    -->
    <env name="dnode/overwrite_cassandra_distribution" value="true"/>
  3. Save the changes.

Kafka JMX authentication settings

  1. Open the prconfig.xml file.
  2. Add the following values:
    <!--
    Please provide username and password to enable jmx authentication
    for kafka. To disable authentication, use blank values("").
    -->
    <env name="dsm/services/stream/pyJmxUser" value="k_jmx_user"/>
    <env name="dsm/services/stream/pyJmxPassword"
    value="k_jmx_password"/>
  3. Save the changes.

Note: Restart Pega Platform once all settings are included in prconfig.xml file.

Kafka and Cassandra JMX for Windows OS

Cassandra JMX authentication settings

Create a password file:

  1. Create a password file with an extension .password. Example: cassandra_jmx_auth.password.
  2. Add usernamepassword to the file (c_jmx_user c_jmx_password)
  3. Save the contents.
  4. Follow instructions from this Oracle document to set file permissions to make sure only the owner has access the file.

Add settings to prconfig file:

  1. Open the prconfig.xml file.
  2. Add the following values:
    <!--
    Please provide username and password to enable jmx authentication
    for cassandra. To disable authentication, use blank values("").
    -->
    <env name="dnode/cassandra_jmx_username" value="c_jmx_user"/>
    <env name="dnode/cassandra_jmx_password" value="c_jmx_password"/>
    <env name="dnode/cassandra_jmx_passwordfile" value="
    <Cassandra_Password_File_Path>"/>
    <!--
    This setting should be set to true (enabled) on first launch after
    hotfix installed and platform ins restared.
    -->
    <env name="dnode/overwrite_cassandra_distribution" value="true"/>
    
  3. Save the changes.

Kafka JMX authentication settings

Create a password file:

  1. Create a password file with an extension .password. Example: kafka_jmx_auth.password.
  2. Add usernamepassword to the file (k_jmx_user k_jmx_password )
  3. Save the contents.
  4. Follow instructions from this Oracle document to set file permissions to make sure only the owner has access the file.

Add settings to prconfig file:

  1. Open the prconfig.xml file.
  2. Add the following values:
    <!--
    Please provide username and password to enable jmx authentication
    for kafka. To disable authentication, use blank values.
    -->
    <env name="dsm/services/stream/pyJmxUser" value="k_jmx_user"/>
    <env name="dsm/services/stream/pyJmxPassword"
    value="k_jmx_password"/>
    <env name="dsm/services/stream/pyJmxremotePasswordFile" value="
    <Kafka_Password_File_Path>">
  3. Save the changes.

Note: Restart Pega Platform once all settings are included in prconfig.xml file.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us