Enabling Transport Encryption on a Data Grid

ActiveSpaces transport encryption is based on the transport encryption of TIBCO FTL.

The following procedure uses command line options to specify the secure realm server options. See the FTL Administration guide for more information on running secure realm servers, realm server command line options, and realm server configuration properties.

Prerequisites

If the machine on which you run the primary realm server has multiple network interface cards, ensure that the host name is mapped to the IP address that you use to start your primary realm server. Otherwise, the certificate generated by the primary realm server might use one of the other available IP addresses. As a result of the IP address mismatch, ActiveSpaces processes would not be able to connect to the primary realm server.
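A pre-flight check for this prerequisite, added here as an example and not part of the TIBCO documentation: it resolves the local host name and classifies the result against the IP address you intend to start the primary realm server on. The function names, the status labels, and the choice to flag a host name that resolves to several addresses as "ambiguous" are assumptions of this example.

```python
import ipaddress
import socket
import sys


def resolve_all(hostname):
    """Return every address the system resolver reports for hostname."""
    return [info[4][0] for info in socket.getaddrinfo(hostname, None)]


def _norm(addr):
    # Drop any IPv6 zone id ("%eth0") and canonicalise the textual form.
    return str(ipaddress.ip_address(addr.split("%")[0]))


def check_host_mapping(hostname, intended_ip, resolver=resolve_all):
    """Compare what hostname resolves to with the realm server's intended IP.

    Returns (status, addresses), where status is one of:
      "ok"         - hostname resolves only to intended_ip
      "ambiguous"  - intended_ip is present, but so are other addresses
                     (assumption: treated as a finding to review, since the
                     page warns another address might end up in the certificate)
      "mismatch"   - hostname resolves, but not to intended_ip
      "unresolved" - hostname does not resolve at all
    """
    want = _norm(intended_ip)
    try:
        found = sorted({_norm(a) for a in resolver(hostname)})
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved", []
    if not found:
        return "unresolved", []
    if found == [want]:
        return "ok", found
    return ("ambiguous" if want in found else "mismatch"), found


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_mapping.py <intended-ip>")
    name = socket.gethostname()
    status, found = check_host_mapping(name, sys.argv[1])
    print(f"{name} -> {found or 'no addresses'}: {status}")
    sys.exit(0 if status == "ok" else 1)
```

Run it on the primary realm server host before the first secure start; a non-zero exit means the host name mapping should be corrected before the server generates its certificate.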

Procedure

  1. Start a secure primary realm server and specify a password for the keystore:
    --secure pass:<password>
  2. Ensure that the trust file created by the primary realm server is copied to locations that can be accessed by each of the affiliated realm servers (for example, backup or satellite), each of the data grid’s processes, and client processes.
  3. Start the affiliated realm servers (for example, backup or satellite) with the following transport encryption options:
    --secure pass:<password>
    --tls.trust.file <path>
  4. After the secure realm servers have been started, create the data grid configuration with the encrypted_connections option set to all:
    grid create copyset_size=1 statekeeper_count=3 encrypted_connections=all mygrid
  5. Define the component processes of your data grid. See Defining a Data Grid.