Enabling Inter-Node Spread Encryption

Jim_Knicely - Administrator

Internode SSL allows you to use SSL to secure communication between nodes within a Vertica cluster. It is important to secure communications between Vertica nodes if you do not trust the network between the nodes.

The EncryptSpreadComm configuration parameter enables encryption on the control channel.

Example:

dbadmin=> SELECT parameter_name, current_value, default_value, description
dbadmin->   FROM configuration_parameters
dbadmin->  WHERE parameter_name = 'EncryptSpreadComm';
  parameter_name   | current_value | default_value |                                       description
-------------------+---------------+---------------+------------------------------------------------------------------------------------------
EncryptSpreadComm |               |               | Set this to enable inter-node spread encryption. See documentation for supported values.
(1 row)

dbadmin=> SELECT SET_CONFIG_PARAMETER('EncryptSpreadComm', 'vertica');
    SET_CONFIG_PARAMETER
----------------------------
Parameter set successfully
(1 row)

dbadmin=> \q

[dbadmin@s18384357 ~]$ admintools -t stop_db -d test_db -F
Info: no password specified, using none
        Connecting to database
        Issuing shutdown command to database
Database test_db stopped successfully

[dbadmin@s18384357 ~]$ admintools -t start_db -d test_db -F
Info: no password specified, using none
Spread encryption is enabled. Key rotation will be performed.
        Starting nodes:
                v_test_db_node0001 (74.208.100.58)
        Starting Vertica on all nodes. Please wait, databases with a large catalog may take a while to initialize.
        Node Status: v_test_db_node0001: (DOWN)
        Node Status: v_test_db_node0001: (DOWN)
        Node Status: v_test_db_node0001: (UP)
Database test_db: Startup Succeeded.  All Nodes are UP

[dbadmin@s18384357 ~]$ vsql
Welcome to vsql, the Vertica Analytic Database interactive terminal.

Type:  \h or \? for help with vsql commands
       \g or terminate with semicolon to execute query
       \q to quit

dbadmin=> SELECT parameter_name, current_value, default_value, description
dbadmin->   FROM configuration_parameters
dbadmin->  WHERE parameter_name = 'EncryptSpreadComm';;
  parameter_name   | current_value | default_value |                                       description
-------------------+---------------+---------------+------------------------------------------------------------------------------------------
EncryptSpreadComm | vertica       |               | Set this to enable inter-node spread encryption. See documentation for supported values.
(1 row)

Helpful links:
https://www.vertica.com/docs/9.1.x/HTML/index.htm#Authoring/Security/SSL/InternodeSSL.htm
https://www.vertica.com/docs/9.1.x/HTML/index.htm#Authoring/AdministratorsGuide/ConfiguringTheDB/SecurityParameters.htm

Have fun!
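
A check that could be run after the restart to confirm the setting, as an added example that is not part of the original post. It classifies rows from the query above as printed by `vsql -A -t`; the function names and sample rows are constructed for illustration, and reporting any value other than `vertica` as `unknown` is an assumption.

```shell
#!/bin/sh
# Added example: audit check for the EncryptSpreadComm setting shown above.
# Expected input (stdin): rows of
#   SELECT parameter_name, current_value FROM configuration_parameters
#    WHERE parameter_name = 'EncryptSpreadComm';
# printed with `vsql -A -t` ('|' separated). Aligned rows also parse.

# Prints one verdict for all rows read:
#   enabled  - every row has current_value 'vertica'
#   disabled - at least one row has an empty current_value
#   unknown  - a row carries some other value (consult the documentation)
#   missing  - no EncryptSpreadComm row was returned
classify_spread_encryption() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        trim($1) == "EncryptSpreadComm" {
            rows++
            v = trim($2)
            if (v == "vertica") ok++
            else if (v == "") empty++
            else other++
        }
        END {
            if (rows == 0)      print "missing"
            else if (empty > 0) print "disabled"
            else if (other > 0) print "unknown"
            else                print "enabled"
        }'
}

# Prints the verdict and returns non-zero unless encryption is enabled,
# so it can gate a deployment or monitoring job.
check_spread_encryption() {
    verdict=$(classify_spread_encryption)
    echo "EncryptSpreadComm: $verdict"
    [ "$verdict" = "enabled" ]
}

# Constructed sample rows (not captured output): before and after the change.
SAMPLE_BEFORE='EncryptSpreadComm|'
SAMPLE_AFTER='EncryptSpreadComm|vertica'

# Usage on a live node (hypothetical invocation):
#   vsql -A -t -c "SELECT parameter_name, current_value
#                    FROM configuration_parameters
#                   WHERE parameter_name = 'EncryptSpreadComm';" \
#     | check_spread_encryption
```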
