I've been struggling with a similar problem ... although we feel like we can trust our server-to-server communication, we cannot trust our server-to-client communication. Its ironic ... ZooKeeper is designed to solve a problem of mass ad-hoc configuration and data storage - yet, its not really designed from the ground up to run out on the open internet with things like SSL.
Anyways... to solve our client-to-server communication we have put 'stunnel' on each of our ZooKeeper nodes acting as an SSL-frontend to the main ZooKeeper client port. Our stunnel configuration uses certificate-based authentication to verify that only our own clients can connect. Because this authentication is handled at the SSL level, no protocol information can pass at all before the authentication has already taken place. Our ZooKeeper client machines are also configured with an Stunnel 'client' that redirects the local ZooKeeper port to one of our ZooKeeper servers.
Stunnel does a pretty good job at this ... it has built in SSL caches so that frequent connects/disconnects do not always cause an SSL re-negotiation from scratch, it allows for a relatively high amount of connections to a given machine (I've tested over 5000 concurrent connections to a single host in previous jobs). Additionally, it adds a little bit of redundancy because Stunnel can take a 'pool' of servers to connect to, and will round-robin through them until it rinds a working server.
On Feb 20, 2012, at 6:38 AM, Bill Vochatzer wrote:
> Greetings Zookeepers,
> I'm new to the Zookeeper world and I'm excited about using it in my
> I'm interested in deploying Zookeeper servers over a WAN and the
> requirements of the system would need to enforce the communication between
> the Zookeeper servers to be encrypted.
> I've scoured the documentation around the interwebs. If I understand what
> I read, currently Zookeeper does not support inter-server encryption
> I'm curious to your insights on a few things:
> 1) Did I understand correctly that there is not support for inter-server
> 1a) Assuming I understood, in current experience has this been a problem
> for anyone and what might be done to make it work (i.e. SSL tunnel)?
> 2) Does the addition of netty in 3.4 offer some implementation of this
> feature? I couldn't quite figure it out from the documentation.
> 3) I notice that there is a jira issue (
> https://issues.apache.org/jira/browse/ZOOKEEPER-1000) open regarding this
> subject. Is there a road map on a future enhancement?
> Thanks for your time
> Billy V