
Learning MCollective by Jo Rhett


Chapter 9. Middleware Security

In this section we will discuss two different ways to enhance the security of your middleware configuration. Both of these options use Transport Layer Security (TLS), which is an enhanced version of Secure Sockets Layer (SSL).

TLS protects the traffic flowing between the two sides by encrypting it with a pre-arranged symmetric key. Each side of the TLS connection can (optionally) validate the far side’s X.509 certificate. This asymmetric cryptography can assure each side that the far side it is communicating with is valid prior to sending any data.

Tip

As an example, when you connect to your bank’s website, your browser cryptographically validates that the website is really your bank’s site. It does this by ensuring that the bank’s public key was signed (in an X.509 certificate) by an authority that the browser recognizes and trusts.

The bank does not usually require your browser to provide a certificate back to it proving who you are, although this is a valid TLS configuration.

If you wish to implement TLS encryption or Trusted TLS authentication, it is essential that you understand these configuration choices.

  1. Anonymous TLS Security provides the easiest way to encrypt transport between the MCollective nodes and the middleware. Similar to web clients connecting to a secure web site, the client is not required to have a valid TLS certificate. The secure session is set up and end-to-end encryption protects the username ...
