cloud consciousness

Authors

Larry Warnock
Our CEO's take on cloud computing from a business perspective - plus tales of his travels.

Mike Frank
Gazzang's resident geek dishes on new technology, including hints and tips for data security.

Eddie Garcia
Author of our blog series, "The Bleeding Edge," Eddie reflects on how technology changes our every day lives - from hobbies to professions.

Dustin Kirkland
Tips, tricks, and announcements from our open-source guru about eCryptfs, Ubuntu, and other free software projects.

Chris Gillan
Gazzang's biggest evangelist scoops what's going on at Gazzang and how it affects the IT pro in the trenches.

David Tishgart
Gazzang's marketing guru looks at what's happening in the world of IT security and how it impacts you. Keep an eye out for 80's pop culture references.

Robert Linden
Our Lead Sr. Systems Engineer has a unique view of Gazzang's world. Dealing directly with almost every customer means involvement in both the trial process and the deployment of Gazzang's solutions into production. Check out this blog for a look at real customer use cases, tips & tricks, and best practices.

Subscribe to our blog

Your email:

Follow Me

Blog Roll

Current Articles | RSS Feed RSS Feed

Gazzang's Transparent Encryption for NDB nodes (MySQL Cluster) - a First Look

Posted by Mike Frank on Fri, Jan 27, 2012 @ 11:29 AM

MySQL Cluster usage has certainly continued to spread and recently accelerate well beyond its initial telco vertical roots into Healthcare, Financial Services, SaaS and more.  With those additions it certainly becomes desirable for many to provide transparent encryption on the NDB nodes where the data, logs, checkpoints that write to disk. I'll not go into all those reasons in this blog, but certainly there are plenty, visit our whitepapers section for more information, especially if you are running within hosted, managed, or cloud environments platforms. 

The solution for ndb in a nutshell was straight forward:
1. Set up Gazzang ezNcrypt Flex Platform 
2. Stop the ndb process prior to encrypting the ndb_data directory
3. Encrypt the ndb_data directory
ezncrypt -e  @ndbdata /home/mysql/my_cluster/ndb_data
4. Add a Flex ACL Rules granting ndbd access to the encryption keys.
ezncrypt-access-control -a "ALLOW @ndbdata * /home/mysql/mysql-cluster-gpl-7.1.18-linux-i686-glibc23/bin/ndbd"
5. Restart ndb

Note: if you setup a single node test environment or if for some reason want to run it for you will also need to add a rule for ndb_mgmd then also add - 

ezncrypt-access-control -a "ALLOW @ndbdata * /home/mysql/mysql-cluster-gpl-7.1.18-linux-i686-glibc23/bin/ndb_mgmd”

Certainly there are many more things you can do to protect MySQL Cluster data on Linux - and I will follow through with those details or details on usage in specific environments, but this is a good start and shows how easy this is to accomplish, and Gazzang adds key management, process, access, monitoring, and many other benefits aside from the encryption itself. For more ideas around that see our EMA paper or schedule an overview with us.

With the release of of our 2.2.2 product coming in February of 2012 you will see that we have added ndb to our supported engines list to MySQL. Gazzang's platform is simple and easy to install as you can see here.  If you are interested just Try it out.
Tags: , ,

Comments

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics