Security Model | Ignite Documentation

Security Model

The most important point about Apache Ignite security is that anyone with access to any Ignite cluster node (a server node or a thick client node) can perform malicious actions on the cluster. There are no mechanisms that protect the cluster in such scenarios.

Therefore, all Discovery and Communication ports of Ignite server and thick client nodes should be reachable only from inside a protected subnetwork (the so-called demilitarized zone, or DMZ). If those ports are exposed outside the DMZ, it is advised to control access to them with SSL certificates issued by a trusted Certification Authority (see the Apache Ignite SSL/TLS configuration documentation for more information).
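The following is an added example, not taken from the Ignite documentation, of a server node configured along these lines: bound to an internal interface, with the Discovery and Communication ports pinned so firewall rules can be exact, and with TLS enabled for node-to-node traffic. The IP addresses, key store paths and environment variable names are assumptions; 47500 and 47100 are Ignite's default Discovery and Communication ports.

```java
import java.util.Arrays;
import org.apache.ignite.Ignition;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi;
import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder;
import org.apache.ignite.ssl.SslContextFactory;

public class ProtectedSubnetNode {
    // Read a secret from the environment and fail with a clear message if it is missing.
    static char[] secret(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty())
            throw new IllegalStateException("Missing environment variable " + name);
        return v.toCharArray();
    }

    public static void main(String[] args) {
        IgniteConfiguration cfg = new IgniteConfiguration();
        // Bind to the internal interface only (assumed address), not to all interfaces.
        cfg.setLocalHost("10.0.0.11");

        // Discovery: one fixed port and a static list of peers inside the subnet.
        TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
        ipFinder.setAddresses(Arrays.asList("10.0.0.11:47500", "10.0.0.12:47500"));
        TcpDiscoverySpi discovery = new TcpDiscoverySpi();
        discovery.setLocalPort(47500);
        discovery.setLocalPortRange(0); // bind only to 47500, fail if it is taken
        discovery.setIpFinder(ipFinder);
        cfg.setDiscoverySpi(discovery);

        // Communication: one fixed port as well.
        TcpCommunicationSpi communication = new TcpCommunicationSpi();
        communication.setLocalPort(47100);
        communication.setLocalPortRange(0);
        cfg.setCommunicationSpi(communication);

        // TLS for node-to-node connections. The trust store should hold only the
        // issuing CA so that certificates from other issuers are not accepted.
        SslContextFactory ssl = new SslContextFactory();
        ssl.setKeyStoreFilePath("/etc/ignite/tls/node-keystore.jks");  // assumed path
        ssl.setKeyStorePassword(secret("IGNITE_KEYSTORE_PASSWORD"));   // assumed variable
        ssl.setTrustStoreFilePath("/etc/ignite/tls/ca-truststore.jks"); // assumed path
        ssl.setTrustStorePassword(secret("IGNITE_TRUSTSTORE_PASSWORD"));
        cfg.setSslContextFactory(ssl);

        Ignition.start(cfg);
    }
}
```

With the port ranges set to 0, the network rules for the subnet only need to allow TCP 47500 and 47100 between node addresses and deny both from everywhere else.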