Cluster Security

User Security

By default, any user can perform any update on the cluster, or upload arbitrary code to the cluster and execute it remotely through distributed computing. To improve security, we recommend configuring user roles and enabling authorization on the cluster.

Communication

By default, nodes communicate in plain text, which leaves traffic open to interception and tampering. Ignite 3 handles communication between cluster nodes separately from communication with clients.

Node to Node Communication

Communication between nodes usually happens within the same data center. We recommend the following to improve the security of your cluster:

  • Enable SSL for cluster communication with the ignite.network.ssl node configuration.

  • Run the cluster in a trusted and isolated network.
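To confirm that the SSL setting has actually taken effect, probe a node's listener from another machine and check that it answers a TLS handshake. The following is an added example, not code from the Ignite project: `probe_tls` and `start_plaintext_listener` are hypothetical helper names, and the loopback listener is a constructed stand-in for a node that still uses plain text.

```python
import socket
import ssl
import threading

def probe_tls(host, port, timeout=3.0):
    """Classify a listener as 'tls', 'no-tls' or 'unreachable'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    # Certificate checks are off on purpose: this only asks whether the
    # port answers a TLS handshake, not whether its certificate is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw):
            return "tls"
    except ssl.SSLError as exc:
        # A TLS alert (for example, the server demands a client
        # certificate) still proves that the peer speaks TLS.
        reason = getattr(exc, "reason", None) or ""
        return "tls" if "ALERT" in reason else "no-tls"
    except OSError:
        # Reset or timeout after the ClientHello: not a TLS endpoint.
        return "no-tls"
    finally:
        raw.close()

def start_plaintext_listener():
    """Constructed stand-in for a node without SSL; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # swallow the ClientHello
        conn.sendall(b"plain-text reply, not a TLS record\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Replace the constructed listener with a real node address and port.
    print(probe_tls("127.0.0.1", start_plaintext_listener()))
```

A `tls` result shows only that the listener negotiates TLS; certificate trust still has to be validated by the nodes themselves.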

Node to Client Communication

Client-to-server communication may travel over the internet or another untrusted network. Only the client port (10800 by default) is typically exposed outside of the cluster. To securely interact with your clients: