MySQL Cluster Security Issues
1688
implement a MySQL Cluster network setup of this type, or of a “mixed” type as discussed under the
next item.
3. It is also possible to employ a combination of the first two methods, using both hardware and
software to secure the cluster—that is, using both network-based and host-based firewalls. This is
between the first two schemes in terms of both security level and cost. This type of network setup
keeps the cluster behind the hardware firewall, but permits incoming packets to travel beyond the
router connecting all cluster hosts to reach the SQL nodes.
One possible network deployment of a MySQL Cluster using hardware and software firewalls in
combination is shown here:
In this case, you can set the rules in the hardware firewall to deny any external traffic except to SQL
nodes and API nodes, and then permit traffic to them only on the ports required by your application.
Whatever network configuration you use, remember that your objective from the viewpoint of keeping
the cluster secure remains the same—to prevent any unessential traffic from reaching the cluster while
ensuring the most efficient communication between the nodes in the cluster.
Because MySQL Cluster requires large numbers of ports to be open for communications between
nodes, the recommended option is to use a segregated network. This represents the simplest way to
prevent unwanted traffic from reaching the cluster.
Note
If you wish to administer a MySQL Cluster remotely (that is, from outside the
local network), the recommended way to do this is to use
ssh
or another secure
login shell to access an SQL node host. From this host, you can then run the
management client to access the management server safely, from within the
Cluster's own local network.
Even though it is possible to do so in theory, it is not recommended to use
ndb_mgm
to manage a Cluster directly from outside the local network on which
the Cluster is running. Since neither authentication nor encryption takes place
between the management client and the management server, this represents an
Содержание 5.0
Страница 1: ...MySQL 5 0 Reference Manual ...
Страница 18: ...xviii ...
Страница 60: ...40 ...
Страница 396: ...376 ...
Страница 578: ...558 ...
Страница 636: ...616 ...
Страница 844: ...824 ...
Страница 1234: ...1214 ...
Страница 1426: ...MySQL Proxy Scripting 1406 The following diagram shows an overview of the classes exposed by MySQL Proxy ...
Страница 1427: ...MySQL Proxy Scripting 1407 ...
Страница 1734: ...1714 ...
Страница 1752: ...1732 ...
Страница 1783: ...Configuring Connector ODBC 1763 ...
Страница 1793: ...Connector ODBC Examples 1773 ...
Страница 1839: ...Connector Net Installation 1819 2 You must choose the type of installation to perform ...
Страница 1842: ...Connector Net Installation 1822 5 Once the installation has been completed click Finish to exit the installer ...
Страница 1864: ...Connector Net Visual Studio Integration 1844 Figure 20 24 Debug Stepping Figure 20 25 Function Stepping 1 of 2 ...
Страница 2850: ...2830 ...
Страница 2854: ...2834 ...
Страница 2928: ...2908 ...
Страница 3000: ...2980 ...
Страница 3122: ...3102 ...
Страница 3126: ...3106 ...
Страница 3174: ...3154 ...
Страница 3232: ...3212 ...