Configure Security for Cache Server Nodes
Note
This feature is only available in NCache Enterprise Edition for .NET.
Pre-requisite
Before enabling Node Level Security, you have to enable Manager Security with user credentials.
Security for cache nodes can be configured through the following steps:
Using NCache Web Manager
Launch NCache Web Manager by browsing to http://localhost:8251 (Windows) or <server-ip>:8251 (Windows + Linux).
In the right corner, click to open Manager Settings.
From the left bar, click on Node Level Security.
Specify the cache server node IP for which you want to configure security. Click Verify.
Once the server node IP is verified, you will be able to expand the Domain Users list. This displays all users from the domain you entered previously. Select the respective users from Domain Users by clicking the > button.
Check the box Enable Security.
Note
Click on Change Security Options to manage security for Web Manager. Follow the steps mentioned in Configure Security for Web Manager to configure web manager security.
Click on Apply.
This adds security for the server node, which is also saved in security.ncconf under the <administrators> tag.
Using PowerShell
The Add-NodeSecurity cmdlet enables the user to configure node level security for the cache.
Note
- To enable security for the first time, there must be at least one user in the node's admin list.
- The provided admin credentials must either be local admin or node admin credentials.
The following command enables security on 20.200.20.11 with john_smith as administrator where the primary LDAP controller is yourprimarydomain.
Add-NodeSecurity -EnableSecurity -AdminUserID john_smith -AdminPassword mypassword -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -NodeName 20.200.20.11
If you want to add more users, use the following command after step 1. The following command adds the user david_jones to the secured users list of the node 20.200.20.11 with yourprimarydomain as the primary domain controller.
Add-NodeSecurity -AddUser -AdminUserID john_smith -AdminPassword mypassword -NewUser david_jones -NewUserPassword userpassword -NewUserDN "CN=David Jones,OU=admin,DC=yourdomain,DC=org" -PrimaryLdap yourprimarydomain -PrimaryLdapPort 389 -NodeName 20.200.20.11
Using Security Config
You can add node level security using the security.ncconf config file shipped at %NCHOME%/config. Populate the config file with your primary LDAP host (and a secondary host if needed), the ports on which these hosts listen for incoming authentication requests, and the admin information. A snippet of this file after being populated is shown below:
<cache-security enabled="True">
  <ldap host="yourprimarydomain" port="389"/>
  <ldap-secondary host="yoursecondarydomain" port="389"/>
  <administrators>
    <admin id="john_smith" dn="CN=John Smith,OU=admin,DC=yourdomain,DC=org"/>
  </administrators>
</cache-security>
Refer to Security Config for details about the parameters of security.ncconf.
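A hand-edited security.ncconf can be checked before it is relied on. The following is an added example, not part of NCache or of the original page: the function name Test-NodeSecurityConfig, the dn sanity rule and the second sample fragment are assumptions made for illustration, and only the elements and attributes shown in the snippet above are inspected.

```powershell
# Added example (not NCache code): sanity-check a security.ncconf fragment.
function Test-NodeSecurityConfig {
    param([Parameter(Mandatory)][string]$XmlText)

    $findings = @()
    $sec = ([xml]$XmlText).SelectSingleNode('//cache-security')
    if ($null -eq $sec) { return @('no <cache-security> element found') }

    # -ne is case-insensitive, so "True" and "true" both pass.
    if ($sec.GetAttribute('enabled') -ne 'True') {
        $findings += 'node level security is not enabled'
    }
    $ldap = $sec.SelectSingleNode('ldap')
    $port = 0
    if ($null -eq $ldap -or [string]::IsNullOrWhiteSpace($ldap.GetAttribute('host'))) {
        $findings += 'no primary LDAP host configured'
    } elseif (-not ([int]::TryParse($ldap.GetAttribute('port'), [ref]$port)) -or
              $port -lt 1 -or $port -gt 65535) {
        $findings += 'primary LDAP port is not a valid port number'
    }
    # Security cannot be enabled for the first time with an empty admin list.
    $admins = @($sec.SelectNodes('administrators/admin'))
    if ($admins.Count -eq 0) { $findings += 'administrators list is empty' }
    foreach ($a in $admins) {
        # Assumed sanity rule: a dn starts with CN= and carries a DC= part.
        if ($a.GetAttribute('dn') -notmatch '^CN=[^,]+,.*DC=') {
            $findings += "admin '$($a.GetAttribute('id'))' has a missing or malformed dn"
        }
    }
    return $findings
}

# Constructed sample input: the page's snippet, and a deliberately weak variant.
$good = @'
<cache-security enabled="True">
  <ldap host="yourprimarydomain" port="389"/>
  <administrators>
    <admin id="john_smith" dn="CN=John Smith,OU=admin,DC=yourdomain,DC=org"/>
  </administrators>
</cache-security>
'@
$weak = @'
<cache-security enabled="False">
  <ldap host="" port="389"/>
  <administrators/>
</cache-security>
'@
"good: $(@(Test-NodeSecurityConfig $good).Count) finding(s)"
Test-NodeSecurityConfig $weak | ForEach-Object { "weak: $_" }
```

To check a node's real file, pass the text of security.ncconf from the config folder under NCHOME (read with Get-Content -Raw) as the -XmlText argument.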
See Also
Configure Security for Cache Management
Configure Security for Client Nodes
Configure Encryption for Cache
Configure SSL/TLS Encryption in NCache