Securing the connection between Liberty, Solr, and ZooKeeper

You can secure the connection between Liberty, Solr, and ZooKeeper by using SSL.

Configure Liberty for SSL. For more information, see Configuring Liberty for SSL.

Create the Liberty truststore. For more information, see Configuring i2 Analyze to connect to a database instance using SSL.

Setting up an SSL connection to Solr and ZooKeeper is a three-part process. First, configure Solr to use SSL, then configure ZooKeeper to use SSL, and finally update the i2 Analyze configuration with the location of the Solr and ZooKeeper keystores and passwords.

The certificate in the Solr keystore is used to identify the Solr server. The certificate in the Liberty truststore is used to authenticate certificates that are received from the Solr keystore.

The certificate in the Solr keystore is also used for authentication within Solr itself, using the Solr truststore. The certificate in the Solr truststore is used to authenticate the certificate that it received from the Solr keystore.

The certificate in the ZooKeeper keystore is used to identify the ZooKeeper server. The certificate in the Liberty truststore is used to authenticate certificates that are received from the ZooKeeper keystore.

The certificate in the ZooKeeper keystore is also used for authentication within a ZooKeeper quorum, by using the ZooKeeper truststore. The certificate in the ZooKeeper truststore is used to authenticate the certificate that it received from the ZooKeeper keystore.

The certificate in the ZooKeeper truststore is used to authenticate certificates that are received from the Solr keystore.

The diagram shows the connection that you can secure by completing the following instructions. It also includes the keystores and truststores that are required for a single server.

Block diagram showing i2 Analyze components connection points, highlighting Solr and ZooKeeper to secure