Red Hat SummitChapter 2. New Features and Enhancements
2.1. Data Security
Copy linkLink copied to clipboard!
Red Hat JBoss Data Grid 6.3 has several new features to increase security of data stored in the grid.
2.1.1. User Authentication
Copy linkLink copied to clipboard!
The Hot Rod protocol has been enhanced in Red Hat JBoss Data Grid 6.3 to support user authentication via Simple Authentication and Security Layer (SASL) framework. With this feature, you can require a user who executes a remote application to authenticate before attempting an operation on a secured cache.
In Library mode, user authentication is delegated to the container in which the application is running.
2.1.2. Role-based Access Control
Copy linkLink copied to clipboard!
Red Hat JBoss Data Grid 6.3 features role-based access control for operations on designated secured caches. This enables you to assign roles to the users who access your application, and further, specify a mapping of roles to permissions for cache and cache-manager operations. For such secured caches, authenticated users can only perform those operations for which their role is authorized.
Role-based access control is available in both Library and Remote Client-Server modes.
2.1.3. Node Authentication and Authorization
Copy linkLink copied to clipboard!
JBoss Data Grid 6.3 provides the ability to require new nodes or merging partitions to authenticate before joining a cluster. Only authenticated nodes that are authorized to join the cluster are permitted to join. This protects your data by not allowing unauthorized servers to store your data. This feature is available in both Library and Remote Client-Server modes.
2.1.4. Encrypted Communication Within the Cluster
Copy linkLink copied to clipboard!
JBoss Data Grid 6.3 increases data security through support for encryption of communication between the nodes comprising the cluster, using user-specified cryptography algorithm as supported by the JCA (Java Cryptography Architecture). This feature is available in both Library and Remote Client-Server modes.
Note
Encryption of communication between Hot Rod Client and JBoss Data Grid Server using TLS/SSL is available already in JBoss Data Grid 6.2.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}