
Encrypted vs Plaintext Connections

Written by Elin Vinka

When connecting to an Apache Kafka cluster, you can use either an encrypted or a plaintext connection. But which one should you use, and when? In this article, we'll explore the pros and cons of each type of connection to help you make an informed decision.

Encrypted Connections - safe data transfer

An encrypted connection, such as TLS/SSL, provides a secure way to transfer data between two systems. This means that information exchanged between brokers and clients cannot be read by unauthorized parties, even if they intercept the traffic.

When connecting over an encrypted connection, clients can also verify that they are connected to the correct broker and that no one is performing a man-in-the-middle attack. The client does this by checking that the broker presents a valid certificate for the hostname in the URL that the client is using to connect.

For all these reasons, it's highly recommended to use encrypted connections when connecting to a cluster over the public internet.

In some cases, however, encrypted connections might not be the best option.

The downside of encrypted connections

Even though encrypted connections are the secure choice, there are still cases where unencrypted plaintext connections are preferable. Since encrypted messages need to be decrypted before processing, encryption adds overhead to message processing in the broker: it consumes more CPU and time, putting a heavier load on the system.

Luckily, there are ways to ensure security even for plaintext connections.

Using VPC peering to secure plaintext connections

CloudKarafka only allows plaintext connections if you establish a VPC peering between your servers and the CloudKarafka cluster. VPC peering is a way to connect two or more Virtual Private Clouds (VPCs) within a single cloud provider's network, allowing them to communicate with each other as if they were on the same network. This keeps the data off the public internet, so there is no need to use encryption.

So, where VPC peering is used, a plaintext connection will be more efficient than an encrypted connection, as messages don't need to be decrypted before processing.
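The rule described above, written as a check over a client configuration (an added example, not CloudKarafka's code): plaintext passes only when every broker address lies inside the peered VPC ranges, and TLS passes only when certificate and hostname verification are left on. The function names, the `10.0.0.0/16` range and the sample configs are constructed for illustration; the configuration keys are standard Kafka and librdkafka client settings.

```python
import ipaddress

PLAINTEXT = {"plaintext", "sasl_plaintext"}
TLS = {"ssl", "sasl_ssl"}

def broker_host(server):
    """Host part of a 'host:port' or '[ipv6]:port' bootstrap entry."""
    server = server.strip()
    if server.startswith("["):
        return server[1:server.index("]")]
    return server.rsplit(":", 1)[0]

def audit_kafka_config(cfg, peered_cidrs):
    """Return findings for one client config (dict of str -> str)."""
    nets = [ipaddress.ip_network(c) for c in peered_cidrs]
    proto = cfg.get("security.protocol", "plaintext").lower()  # client default
    findings = []
    if proto in PLAINTEXT:
        for server in filter(None, cfg.get("bootstrap.servers", "").split(",")):
            host = broker_host(server)
            try:
                addr = ipaddress.ip_address(host)
            except ValueError:
                # A name cannot be placed in a CIDR offline: needs a manual check.
                findings.append(f"{host}: plaintext to a hostname, confirm it resolves inside the peered VPC")
                continue
            if not any(addr in net for net in nets):
                findings.append(f"{host}: plaintext outside the peered VPC ranges")
    elif proto in TLS:
        # Assumes current client defaults: both checks are on unless disabled.
        if cfg.get("ssl.endpoint.identification.algorithm", "https").lower() in ("", "none"):
            findings.append("TLS without hostname verification")
        if cfg.get("enable.ssl.certificate.verification", "true").lower() == "false":
            findings.append("TLS without certificate verification")
    else:
        findings.append(f"unknown security.protocol {proto!r}")
    return findings

# Constructed sample inputs: 10.0.0.0/16 stands in for the peered VPC range.
PEERED = ["10.0.0.0/16"]
SAMPLES = {
    "peered-plaintext": {"security.protocol": "PLAINTEXT", "bootstrap.servers": "10.0.1.5:9092,10.0.1.6:9092"},
    "public-plaintext": {"security.protocol": "PLAINTEXT", "bootstrap.servers": "203.0.113.10:9092"},
    "tls-no-hostname": {"security.protocol": "SASL_SSL", "bootstrap.servers": "broker.example.test:9094",
                        "ssl.endpoint.identification.algorithm": ""},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit_kafka_config(cfg, PEERED) or "ok")
```

The check is address-based only: it confirms where a plaintext client points, not that the peering itself is in place.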

Ultimately, the decision to use encrypted or plaintext connections depends on your specific use case and the level of security you require.

We hope you like this blog post. How to set up and establish encrypted and plaintext messages can be found in our documentation:

If you have any questions or queries, don't hesitate to contact us. Our team is always here to help.

All the best, CloudKarafka team

About CloudKarafka

CloudKarafka is a trusted hosting provider of Apache Kafka, provided by 84codes, a Swedish tech company dedicated to simplifying cloud infrastructure for developers. If you have any queries or problems, our support team is on hand 24/7 to help you. Just send an email to support@cloudkarafka.com.