Transparent data encryption
Transparent data encryption (TDE) protects at rest data. At rest data is data that has been flushed from the memtable in system memory to the SSTables on disk.
As shown in the diagram, data stored in the commit log is not encrypted. If you need commit log encryption, store the commit log on an OS-level encrypted file system using Gazzang, for example. Data can be encrypted using different algorithms, or you can choose not to encrypt data at all. SSTable data files are immutable (they are not written to again after they have been flushed to disk). SSTables are encrypted only once when they are written to disk.
The CassandraFS (Cassandra file system) is accessed as part of the Hadoop File System (HDFS) using the configured authentication. If you encrypt the CassandraFS keyspace's sblocks and inode tables, all CassandraFS data gets encrypted.
Limitations and recommendations¶
Data is not directly protected by TDE when accessed using the following utilities.
|Utility||Reason Utility Is Not Encrypted|
|json2sstable||Operates directly on the sstables.|
|nodetool||Uses only JMX, so data is not accessed.|
|sstable2json||Operates directly on the sstables.|
|sstablekeys||Operates directly on the sstables.|
|sstableloader||Operates directly on the sstables.|
|sstablescrub||Operates directly on the sstables.|
Compression and encryption introduce performance overhead.
TDE requires a secure local file system to be effective. The encryption certificates are stored locally; therefore, an invasion of the local file system invalidates encryption.
To get the full capabilities of TDE, download and install the Java Cryptography Extension (JCE), unzip the jar files and place them under $JAVA_HOME/jre/lib/security. JCE-based products are restricted for export to certain countries by the U.S. Export Administration Regulations.