Kafka Security Options


When creating an Instaclustr Kafka cluster there is one security option to consider: whether or not to encrypt traffic between clients and brokers. Regardless of which client ⇆ broker encryption settings you choose, Instaclustr enforces broker ⇆ broker encryption and client authentication using SCRAM on all clusters.

If the client ⇆ broker encryption option is enabled, TLS will be used to encrypt traffic between clients and brokers. It is important to note that using TLS can result in an approximately 30% performance reduction.

Client ⇆ Broker Encryption

Note: Client ⇆ broker encryption is not available on AWS “Developer” node sizes.

This option determines whether or not to use TLS to encrypt communication between clients and brokers. Instaclustr recommends this option be enabled if the data being communicated is sensitive and is being sent over the public network.

Site by Swell Design Group