To prevent unauthorized access to your data, RS databases support the TLS protocol (the more secure successor to SSL) that includes: Encryption - Makes sure that the traffic can only be read by the sender and recipient. Authentication - The server or client makes sure that it communicates with an authorized entity. When you enable TLS for a database or CRDB, encryption is enforced on either all communications or only communications between clusters, and RS sends its certificate to clusters and clients for authentication to the database or CRDB.
Redis Enterprise Software (RS) can integrate with your identity provider using LDAP authentication. After you configure the LDAP connection, you can give LDAP users access to the RS web UI according to the permissions that you assign. saslauthd is the process that handles LDAP authentication requests to RS. Note - LDAP authentication is not yet supported for Redis ACL Users. To configure LDAP authentication for RS web UI users on a running cluster:
If you configure it, Redis Enterprise Software (RS) can use industry-standard encryption to protect your data in transit between a Redis client and RS. For this purpose, RS uses transport layer security (TLS) protocol, which is the more secure successor to SSL. To enable TLS you must configure the RS cluster nodes, the database, and the client, as detailed below. Configuration of the RS nodes By default, each cluster node has a different set of self-signed certificates.
To help reduce the risk of a brute force attacks on Redis Enterprise Software (RS), RS includes user login restrictions. You can customize the restrictions to align with the security policy of your organization. Every failed login is shown in the logs. Note - Customers, such as large organizations, that use LDAP to manage external authentication must set these restrictions in the LDAP service. User Login Lockout The parameters for the user login lockout are: