Pieter Humphrey

Database infrastructure, particularly for security and operations minded team members, shouldn&rsquo;t actually be very exciting. In fact, it should be as boring as possible, particularly for a database that&rsquo;s been powering massive scale infrastructure for over a decade. Let&rsquo;s save the excitement for less manual toil, accidents averted before they ever happen, better observability, and new tools that can help keep your production cluster up and running.&nbsp;
Last year&rsquo;s <a href="https://thenewstack.io/the-end-of-the-beginning-for-apache-cassandra/">Apache Cassandra 4.0 release</a> was possibly the most stable database release in history. This&nbsp; stability is an important foundation as Cassandra begins a new cycle of innovation. And while Cassandra 4.1 is delivering on that innovation today, the 5.0 discussion is well underway.&nbsp; Full <a href="https://medium.com/building-the-open-data-stack/an-apache-cassandra-breakthrough-acid-transactions-at-scale-8ea7d1954299">ACID transactions</a>, relational-style secondary indexes, and other landmark features are in development.&nbsp; Which makes it all the more reassuring that the commitment from the Cassandra community to maintain that hard-won stability is strong.&nbsp;
Cassandra 4.1 ships ready-for-your-production clusters to upgrade. Let&rsquo;s briefly look into why an upgrade could be compelling for your cluster or project. For a deep dive, watch the <a href="https://www.datastax.com/resources/webinar/cassandra-4-1-and-beyond">on-demand webinar</a> with Jeff Carpenter, the co-author of &ldquo;Cassandra: The Definitive Guide - 3rd Edition.&rdquo;
<h2>Security and Operations</h2>
Operating open source Cassandra can be challenging, as is securing it.&nbsp; The 4.1 release ships new tools and capabilities to help you not just keep your cluster up and running, but keep it humming. One such example is embodied by <a href="https://cwiki.apache.org/confluence/x/LY7OCg">CEP-10: Cluster and Code Simulations</a> allows for simulating operations on clusters. Operations are repeatable but pseudo-random, allowing the exploration of state space and correctness testing. This new infrastructure advances Cassandra&rsquo;s state-of-the-art distributed systems testing in service of delivering higher quality open source software with fewer defects.
<ul>
<li style="font-weight: 400;" aria-level="1">Operators will appreciate <a href="https://cwiki.apache.org/confluence/x/wxkRCQ">CEP-3: Guardrails</a>, disabled by default, but exist to prevent common anti-patterns. They are configured in cassandra.yaml, or via JMX at runtime. Warnings/Failures are logged and sent to driver clients when applicable. Learn more on the <a href="https://cassandra.apache.org/_/blog/Apache-Cassandra-4.1-Features-Guardrails-Framework.html">ASF Cassandra blog</a>. This is just the beginning, lots more to come!</li>
<li style="font-weight: 400;" aria-level="1"><a href="https://cwiki.apache.org/confluence/x/YIcjCw">CEP-13: Denylisting</a> gives Cassandra operators a new tool to help reduce the effect of overloaded partition keys on nodes (and the cluster).&nbsp; Operators can isolate specific partition keys that are read/write overloaded, saturated with live cells/tombstones, or experiencing DDOS attacks in production clusters.</li>
<li style="font-weight: 400;" aria-level="1">Do you use lightweight transactions (LWTs)?&nbsp; <a href="https://cwiki.apache.org/confluence/x/54cjCw">CEP-14</a> upgrades the Paxos implementation to v2, which in turn, upgrades LWTs transaction performance by 50%. Data integrity and consistency are also improved in scenarios like range movements.</li>
<li style="font-weight: 400;" aria-level="1"><a href="https://cwiki.apache.org/confluence/x/8AtACw">CEP-16: Auth Plugin Support for CQLSH</a> the change to the Cassandra command line tool, CQLSH, allows its authentication to source credentials from LDAP, Kerberos, and other stores.</li>
<li style="font-weight: 400;" aria-level="1"><a href="https://cwiki.apache.org/confluence/x/9YbOCg">CEP-9: Make SSLContext creation pluggable</a> creates an extension point for 3rd party SSL/TLS providers, paving the way for ecosystem or custom built integrations.</li>
<li style="font-weight: 400;" aria-level="1">Support for pre hashed passwords in CQL, eliminating plain text credentials. Learn more on the <a href="https://cassandra.apache.org/_/blog/Apache-Cassandra-4.1-Features-Client-side-Password-Hashing.html">ASF Cassandra blog</a>.</li>
<li style="font-weight: 400;" aria-level="1">Improvements to <code>nodetool</code>, backup and restore, and <code>GRANT/REVOKE/LIST</code> statements have been added.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</li>
</ul>
Cassandra 4.1 also introduces new system tables that help with security and monitoring. <code>ALL TABLES IN KEYSPACE</code> allows you to grant permissions for all tables and user types in a keyspace, while preventing the user from using those permissions on the keyspace itself.&nbsp; Also, <code>system.top_partitions</code> tracks top (Linux style!) partitions based on partition size or tombstone count per table. That data is exposed via JMX and <code>nodetool tablestats</code>.
<h2>Cassandra Developers</h2>
Sure, the Cassandra 4.1 release is primarily focused on the security and operations-minded, but that doesn&rsquo;t mean there aren&rsquo;t a few goodies for Cassandra and CQL developers.
<ul>
<li style="font-weight: 400;" aria-level="1">The <code>GROUP BY</code> clause for CQL queries has been improved with the ability to group by time range.</li>
<li style="font-weight: 400;" aria-level="1">Queries can now use <code>CONTAINS</code> and <code>CONTAINS KEY</code> conditions in conditional updates for LWTs, making queries such as this possible:</li>
</ul>
<code>UPDATE mytable SET somefield = 4 WHERE pk = 'pkv' IF set_column CONTAINS 5</code>
Great! If you&rsquo;re still here, you&rsquo;ve probably found something useful for you and your team.&nbsp;&nbsp;
So let&rsquo;s talk about upgrades. The two biggest areas of change from 4.0 to 4.1 are:
<ul>
<li style="font-weight: 400;" aria-level="1">Configuration in cassandra.yaml</li>
<li style="font-weight: 400;" aria-level="1">Upgrade to Paxos v2&nbsp;</li>
</ul>
As part of <a href="https://issues.apache.org/jira/browse/CASSANDRA-15234">CASSANDRA-15234</a> we <a href="https://cassandra.apache.org/_/blog/Apache-Cassandra-4.1-Configuration-Standardization.html">standardized our cassandra.yaml parameters' names</a>, preserving backward compatibility with the old names. Units of parameters for type data rate, data storage and duration were also liberated from their units while still keeping backward compatibility. There are new flags in regards to parameters overloading and improvements and bug fixes to tighten and document the Cassandra configuration. Please carefully review the details <a href="https://cassandra.apache.org/doc/latest/cassandra/new/configuration.html">here</a>, and double check your configuration on startup to ensure no corner case was missed. To do that, it&rsquo;s recommended to check the logs for values loaded from cassandra.yaml as well as the Settings Virtual Table. This is because some properties have default null values which are changed programmatically later on, these changes are visible when you query the Settings Virtual Table. New configuration 4.1 parameters of type data rate, data storage, and duration were added in the new format only (numeric value + unit).
There&rsquo;s a more complete list of considerations for 4.0 -&gt; 4.1 upgrade (as well as Paxos v2 upgrade information for LWT users) in <a href="https://github.com/apache/cassandra/blob/cassandra-4.1/NEWS.txt">the Cassandra release notes on GitHub</a>. Jump into a <a href="https://cassandra.apache.org/_/community.html#discussions">community forum</a> if you are in doubt about anything!
<h2>The Cloud Native Future</h2>
<a href="https://thenewstack.io/apache-cassandra-4-1-building-the-database-your-kids-will-use/">Both the core Cassandra project and ecosystem are on the move</a>. There are newly pluggable implementations released in 4.1, creating extension points for:
<ul>
<li style="font-weight: 400;" aria-level="1">Memtable (persistent memory, tries memtables)</li>
<li style="font-weight: 400;" aria-level="1">Network encryption</li>
<li style="font-weight: 400;" aria-level="1">Authentication</li>
<li style="font-weight: 400;" aria-level="1">Schema storage services (like etcd)</li>
<li style="font-weight: 400;" aria-level="1">System wide guardrails&nbsp;</li>
</ul>
The doors are open to powerful new ecosystem opportunities! In addition to projects like <a href="https://stargate.io/">Stargate</a> providing database-as-APIs, <a href="https://k8ssandra.io/">K8ssandra</a> harmonizing Cassandra with Kubernetes, etcd, and exploratory work around a <a href="https://stargate.io/2022/05/23/towards-dynamodb-compatibility-for-cassandra.html">DynamoDB API for Stargate</a> &ndash; the Cassandra ecosystem is thriving and growing.
Energy is already building for Apache Cassandra 5.0. At the top of the list are two landmark changes that are worth getting excited about: full ACID transactions and SAI / Storage Attached Indexes (relational-style secondary indexes).
<a href="https://cwiki.apache.org/confluence/x/FQRACw">CEP-15</a> General Purpose Transactions features groundbreaking work rooted in years of research by Apple Inc and the University of Michigan. It&rsquo;s built on a next-generation distributed consensus protocol. This protocol, <a href="https://cwiki.apache.org/confluence/download/attachments/188744725/Accord.pdf">Accord</a>, aligns with a leaderless architecture like Cassandra&rsquo;s &ndash; in a manner that options like Spanner and Raft don&rsquo;t. Limited to those options, there wasn&rsquo;t a way for Cassandra to provide transactions with the linear scale and uptime guarantees that Cassandra users expect. Accord accomplishes consensus in one round trip and it doesn&rsquo;t require complex leader failover mechanisms. In short, it enables Cassandra to fulfill its design promises while delivering full ACID transactions.
<a href="https://cwiki.apache.org/confluence/x/7DZ4CQ">CEP-7: Storage Attached Indexes</a> (relational-style secondary indexes) is a commercial feature that was only available on DataStax Astra DB and DataStax Enterprise. It&rsquo;s being contributed back to the OSS community from DataStax. Relational-style secondary indexes are a powerful addition to your arsenal for any OLTP application. If you&rsquo;re new to them in Cassandra, <a href="https://www.datastax.com/dev/cassandra-indexing">check out this excellent primer</a> from Jeff Carpenter.
Taken together, there is no doubt that the pace of innovation in and around Cassandra is picking up, reborn in the cloud. Learn how to get involved in Apache open source <a href="https://cassandra.apache.org/_/development/index.html">on the web</a> or in <a href="https://cassandra.apache.org/_/community.html#discussions">community discussions</a>!
Want to learn more about Apache Cassandra? <a href="https://events.linuxfoundation.org/cassandra-summit/register/">Register now for the Cassandra Summit</a>, which takes place in San Jose, Calif., March 13-14, 2023. Use DataStax&rsquo;s code, CS23DS20, to save 20% on your pass.
Cassandra in your future? Try the <a href="https://cassandra.apache.org">Apache Cassandra page</a>.&nbsp;
<h2>Resources</h2>
<ol>
<li style="font-weight: 400;" aria-level="1"><a href="https://cassandra.apache.org/_/index.html">Apache Cassandra</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://stackoverflow.com/questions/tagged/cassandra">Cassandra on StackOverflow</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://www.datastax.com/products/luna">DataStax Luna - Apache Cassandra&trade; Support</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://www.datastax.com/events/cassandra-4-1-and-beyond">Cassandra 4.1 and beyond Webinar</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://www.datastax.com/resources/ebook/oreilly-cassandra-the-definitive-guide">Cassandra: The Definitive Guide - 3rd Edition</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://stargate.io/">Stargate.io</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://k8ssandra.io/">K8ssandra.io</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://docs.datastax.com/en/astra/docs/">Astra DB</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://www.datastax.com/products/datastax-astra/cdc-for-astra-db">Astra CDC</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://www.datastax.com/products/astra-streaming">Astra Streaming</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://dtsx.io/discord">Join our Discord: Fellowship of the (Cassandra) Rings&nbsp;</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://academy.datastax.com/">DataStax Academy</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://www.datastax.com/dev/certifications">DataStax Certifications</a></li>
<li style="font-weight: 400;" aria-level="1"><a href="https://www.datastax.com/workshops">DataStax Workshops</a></li>
</ol>

Build and scale cloud native apps

Discover the benefits of DBaaS and why your apps deserve an upgrade.

Learn about NoSQL Databases

Learn about NoSQL databases with Apache Cassandra and Astra DB.

2022 Recap: A Year for Customers, Community, and Real-Time Data

Highlights from 2022 and a glimpse into the year ahead.

ViewingIndustry

It’s time to upgrade to Cassandra 4.1

Sign up for our Developer Newsletter