Table of Contents
Advertisement
This setup has two networks, one private (solid box) for the Cluster management servers and
data nodes, and one public (dotted box) where the SQL nodes reside. (We show the management
and data nodes connected using a gigabit switch since this provides the best performance.) Both
networks are protected from the outside by a hardware firewall, sometimes also known as a
network-based firewall.
This network setup is safest because no packets can reach the cluster's management or data
nodes from outside the network—and none of the cluster's internal communications can reach
the outside—without going through the SQL nodes, as long as the SQL nodes do not permit any
packets to be forwarded. This means, of course, that all SQL nodes must be secured against
hacking attempts.
2.
Using one or more software firewalls (also known as host-based firewalls) to control which packets
pass through to the cluster from portions of the network that do not require access to it. In this type
of setup, a software firewall must be installed on every host in the cluster which might otherwise be
accessible from outside the local network.
The host-based option is the least expensive to implement, but relies purely on software to provide
protection and so is the most difficult to keep secure.
This type of network setup for MySQL Cluster is illustrated here:
MySQL Cluster Security Issues
Important
With regard to potential security vulnerabilities, an SQL node is no different
from any other MySQL server. See
Against
Attackers", for a description of techniques you can use to secure
MySQL servers.
1686
Section 6.1.3, "Making MySQL Secure
Advertisement
Chapters
Table of Contents
Troubleshooting
