Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Securing Kafka and Cassandra JMX

Updated on July 5, 2022

Pega Platform uses JMX to communicate to the Kafka and Casandra processes. This communication can be secured by enabling certain settings in prconfig file.

The process can be differentiate between:

Kafka and Cassandra JMX for non-Windows OS

Cassandra JMX authentication settings

  1. Open the prconfig.xml file.
  2. Add the following values: 
    <!--
Please provide username and password to enable jmx authentication
for cassandra. To disable authentication, use blank values("").
-->
<env name="dnode/cassandra_jmx_username" value="c_jmx_user"/>
<env name="dnode/cassandra_jmx_password" value="c_jmx_password"/>
<!--
This setting should be set to true (enabled) on first launch after
hotfix installed and platform is restared.
-->
<env name="dnode/overwrite_cassandra_distribution" value="true"/>
  3. Save the changes.

Kafka JMX authentication settings

  1. Open the prconfig.xml file.
  2. Add the following values: 
    <!--
Please provide username and password to enable jmx authentication
for kafka. To disable authentication, use blank values("").
-->
<env name="dsm/services/stream/pyJmxUser" value="k_jmx_user"/>
<env name="dsm/services/stream/pyJmxPassword"
value="k_jmx_password"/>
  3. Save the changes.

Note: Restart Pega Platform once all settings are included in prconfig.xml file.

Kafka and Cassandra JMX for Windows OS

Cassandra JMX authentication settings

Create a password file:

  1. Create a password file with an extension .password. Example: cassandra_jmx_auth.password.
  2. Add usernamepassword to the file (c_jmx_user c_jmx_password)
  3. Save the contents.
  4. Follow instructions from this Oracle document to set file permissions to make sure only the owner has access the file.

Add settings to prconfig file:

  1. Open the prconfig.xml file.
  2. Add the following values: 
    <!--
Please provide username and password to enable jmx authentication
for cassandra. To disable authentication, use blank values("").
-->
<env name="dnode/cassandra_jmx_username" value="c_jmx_user"/>
<env name="dnode/cassandra_jmx_password" value="c_jmx_password"/>
<env name="dnode/cassandra_jmx_passwordfile" value="
<Cassandra_Password_File_Path>"/>
<!--
This setting should be set to true (enabled) on first launch after
hotfix installed and platform ins restared.
-->
<env name="dnode/overwrite_cassandra_distribution" value="true"/>
  3. Save the changes.

Kafka JMX authentication settings

Create a password file:

  1. Create a password file with an extension .password. Example: kafka_jmx_auth.password.
  2. Add usernamepassword to the file (k_jmx_user k_jmx_password )
  3. Save the contents.
  4. Follow instructions from this Oracle document to set file permissions to make sure only the owner has access the file.

Add settings to prconfig file:

  1. Open the prconfig.xml file.
  2. Add the following values: 
    <!--
Please provide username and password to enable jmx authentication
for kafka. To disable authentication, use blank values.
-->
<env name="dsm/services/stream/pyJmxUser" value="k_jmx_user"/>
<env name="dsm/services/stream/pyJmxPassword"
value="k_jmx_password"/>
<env name="dsm/services/stream/pyJmxremotePasswordFile" value="
<Kafka_Password_File_Path>">
  3. Save the changes.

Note: Restart Pega Platform once all settings are included in prconfig.xml file.

Tags

Pega Platform 8.7 Decision Management

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Support Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us