This question was originally posted on DCIM Support by Lai Yuan Jiun on 2018-05-03
DCO has PostgreSQL communication between the active and DR node on port 5432. Same port for opening DCO ETL Database for other servers to access which is unencrypted.
Can you advise how do we secure this?
Can we encrypt this via native database SSL in the DCO setup?
This answer was originally posted on DCIM Support by Jef Faridi on 2018-05-09
Hi Lai Yuan,
I have registered an enhancement case for this, so the possible improvements can be developed and added into a future DCO release. Thanks
Hi Lai Yuan (Lai Yuan Jiun)
Further investigation of this case: it turns out that the secure communication is supported already.
Database communication between "master" and DR node is secure (over SSL).
External access to ETL internal databases allow for both insecure access and secure access (over SSL) - both require username/password authentication. If you use psql command to access the internal ETL database you can e.g. use a connection string like:
psql "sslmode=require host=<DCO IP> dbname=<ETL database name> user=<ETL user>" --password
The psql command will then prompt for the ETL user's password.
If you are using JDBC access with a driver compiled with SSL support, you can use the connection string:
jdbc:postgresql://<DCO IP>:5432/<ETL database name>?sslmode=require
Connection would then be secure.
This comment was originally posted on DCIM Support by Lai Yuan Jiun on 2018-05-30
Thanks Jef, we have testing it and it works.
This comment was originally posted on DCIM Support by Jef Faridi on 2018-05-30
Hi Lai Yuan,
You are welcome & many thanks for the feedback.
Discuss challenges and get support in energy and automation with 30,000+ experts and peers.
Over 10,000+ support articles are available to help you find answers to your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!