Security in the cloud
There are a couple of security measures you can implement in a cloud: network ACLs and secure XDCR.
Network ACLs and security groups
For the Amazon Virtual Private Cloud (VPC), security is provided with:
- Network Access Control Lists (ACLs), which are an optional layer of security that acts as a firewall for controlling traffic in and out of a subnet.
- Security groups, which act as a virtual firewall for your instance to control inbound and outbound traffic.
- On the host level, you can set individual SSL keys using a bastion host. Make sure that access to your Couchbase instances is logged and audited through Amazon's logging capabilities.
- Obtain customer-generated key pairs.
- Set up an outbound instance of a firewall in the VPC.
- Sign your calls using a certificate or a customer key to protect your access.
Secure XDCR
Secure Cross Datacenter Replication (XDCR) enables you to encrypt traffic between two data centers using an SSL connection. All traffic between the source and destination data centers will be encrypted, which results in a slight increase in CPU load, since encryption needs additional CPU cycles.
As a security best practice, periodically rotate the XDCR certificates and also make sure that you instantiate a new certificate on the remote cluster.
- Access the dialog at
- Enter the following information:
- Cluster Name: the name of the cluster you are adding.
- The hostname or IP address of a node in the cluster you are adding.
- Username and Password: the login credentials for the remote cluster.
- Enable encryption
If this option is selected, XDCR data encryption occurs using SSL. A window opens where you have to paste the SSL certificate obtained from the remote cluster. This certificate is available on the remote cluster at the location
Attention: Do not share the certificate with any unintended entities.
Attention: Regenerate the certificate periodically based on your organizational requirements.
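The two checks a practitioner wants around the paste-and-rotate steps above, as an added example that is not part of the Couchbase documentation or tooling: confirm that the certificate file you are about to paste matches what the remote cluster actually serves, and flag a certificate that is close to expiry so it gets regenerated on the remote cluster in time. It assumes openssl is installed and that the remote cluster's SSL admin port is 18091; the host, port and warning threshold are placeholders.

```shell
#!/bin/sh
# Added example, not Couchbase's own tooling. Assumes openssl is installed
# and that the remote cluster serves its SSL admin interface on 18091
# (assumption; adjust the port argument if your deployment differs).

# SHA-256 fingerprint of a PEM certificate file, e.g. the certificate
# copied from the remote cluster before it is pasted into the XDCR dialog.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Fingerprint of the certificate the remote cluster actually presents.
# Usage: remote_fingerprint <host> [port]
remote_fingerprint() {
  openssl s_client -connect "$1:${2:-18091}" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# True (exit 0) when the certificate in $1 expires within $2 days, i.e.
# it is time to regenerate it on the remote cluster and paste the new one.
cert_needs_rotation() {
  if openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

# Compare the file you intend to paste with what the remote cluster serves,
# then warn if the certificate is due for rotation.
# Usage: check_xdcr_cert <cert.pem> <remote-host> [port] [warn-days]
check_xdcr_cert() {
  local_fp=$(cert_fingerprint "$1")
  remote_fp=$(remote_fingerprint "$2" "${3:-18091}")
  if [ -z "$remote_fp" ] || [ "$local_fp" != "$remote_fp" ]; then
    echo "MISMATCH: file=$local_fp remote=${remote_fp:-<none>}" >&2
    return 1
  fi
  if cert_needs_rotation "$1" "${4:-30}"; then
    echo "WARNING: certificate expires within ${4:-30} days; regenerate it" >&2
  fi
  echo "OK: $local_fp"
}
```

Run it as `check_xdcr_cert remote-cluster.pem remote-host.example 18091 30` before pasting; a mismatch means the file is not the certificate the remote cluster is currently serving.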