1

A Zookeeper architecture question for you ZK Gurus:

I use zookeeper to manage messaging to a cloud of worker machines. Currently the application servers that control the messages and the workers are in the same infrastructure (network). I'm considering allowing clients to communicate with these servers outside of the network from arbitrary locations. I've read about Zookeepers ACL and Authentication Capabilities but I notice that digest sends the passwords in cleartext. I'd be concerned about securing the socket connection and protecting against outside attacks. I dont see anything online telling me that this IS/IS NOT something that can/should be done with Zookeeper.

Is this a common architecture with Zookeeper and are there any suggestions? Am I barking up the wrong tree for this type of work?

alph486
  • 1,209
  • 2
  • 13
  • 26

1 Answers1

2

if you do not have a secured network (VPN), this in not something you should do for exactly the reason pointed out. you can mitigate the problem quite a bit using the kerberos plug in, which will secure the authentication and authorization, but you still will not get confidentiality (encryption). what you really need is SSL. things are setup now so that SSL support could be implemented, but code still needs to be written :)

Benjamin Reed
  • 402
  • 1
  • 4
  • 11