Transparent Encryption for NDB nodes (MySQL Cluster) – a First Look
MySQL Cluster usage has continued to spread and has recently accelerated well beyond its initial telco roots into Healthcare, Financial Services, SaaS and more. With those additions, many users want transparent encryption on the NDB nodes, where the data, logs, and checkpoints are written to disk. I'll not go into all those reasons in this blog, but there are plenty; these white papers provide more details, especially if you are running within hosted, managed, or cloud environments.
The solution for ndb, in a nutshell, was straightforward:
1 Set up Gazzang ezNcrypt Flex Platform
2 Stop the ndb process prior to encrypting the ndb_data directory
3 Encrypt the ndb_data directory
ezncrypt -e @ndbdata /home/mysql/my_cluster/ndb_data
4 Add a Flex ACL rule granting ndbd access to the encryption keys.
ezncrypt-access-control -a "ALLOW @ndbdata * /home/mysql/mysql-cluster-gpl-7.1.18-linux-i686-glibc23/bin/ndbd"
5 Restart ndb
Note: if you set up a single-node test environment, or for some reason want to run it that way, you will also need to add a rule for ndb_mgmd:
ezncrypt-access-control -a "ALLOW @ndbdata * /home/mysql/mysql-cluster-gpl-7.1.18-linux-i686-glibc23/bin/ndb_mgmd"
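The ACL rules in step 4 and in the note grant key access to a binary named by its path, so the permissions on that binary become part of the protection. The script below is an added example, not part of the original post or of Gazzang's tooling: it audits rule strings before they are added. The rule layout is assumed from the two rules shown above, and the function names audit_rule and audit_rules are hypothetical.

```shell
#!/bin/sh
# Added example: audit the binaries that ezNcrypt ACL rules trust.
# Assumed rule layout (read off the rules shown on this page):
#   ALLOW @category path-pattern /absolute/path/to/binary

# Print OK, MALFORMED, MISSING or WRITABLE for one rule; non-zero unless OK.
audit_rule() {
    set -f                      # keep the "*" path pattern from globbing
    set -- $1                   # split the rule into its four fields
    set +f
    [ "$#" -eq 4 ] || { echo MALFORMED; return 2; }
    # ALLOW is the only action this page shows, so only it is accepted here.
    case "$1" in ALLOW) ;; *) echo MALFORMED; return 2 ;; esac
    case "$2" in @?*) ;; *) echo MALFORMED; return 2 ;; esac
    case "$4" in /*) ;; *) echo MALFORMED; return 2 ;; esac
    # The rule must name an existing, executable file.
    [ -f "$4" ] && [ -x "$4" ] || { echo MISSING; return 3; }
    # A group- or world-writable binary lets other accounts replace the
    # program that the rule grants key access to.
    case "$(ls -ldL "$4")" in
        ?????w*|????????w*) echo WRITABLE; return 4 ;;
    esac
    echo OK
}

# Audit rules read from stdin, one per line; print "STATUS<TAB>rule".
# Returns 1 if any rule is not OK.
audit_rules() {
    bad=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        status=$(audit_rule "$rule") || bad=1
        printf '%s\t%s\n' "$status" "$rule"
    done
    return "$bad"
}

# The two rules from this page; a host without these binaries reports MISSING.
NDB_BIN=/home/mysql/mysql-cluster-gpl-7.1.18-linux-i686-glibc23/bin
audit_rules <<EOF || true
ALLOW @ndbdata * $NDB_BIN/ndbd
ALLOW @ndbdata * $NDB_BIN/ndb_mgmd
EOF
```

Run it on the NDB node itself, so the paths are checked against the binaries that will actually be started.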
Certainly there are many more things you can do to protect MySQL Cluster data on Linux, and I will follow up with those details and with details on usage in specific environments, including clouds. But this is a good start and shows how easy this is to accomplish, and Gazzang adds key management, process, access, monitoring, and many other benefits aside from the encryption itself. For more ideas around that, see this EMA paper.
With the release of our 2.2.2 product coming in February of 2012, you will see that we have added ndb to our list of supported MySQL engines. Gazzang's platform is simple and easy to install, as you can see here. If you are interested, just try it out.