Home
Configuring
Create a basic or an enterprise domain which is a single point for configuring and managing common resources, security, and instances.
Configuring security
Each Teracloud® Streams domain and instance maintains its own security configuration.
Securing a Teracloud® Streams cluster
While applications are deployed into production environments with specific recommendations that apply to individual customers, enterprise organizations generally have security policies and procedures that must be met and followed. To meet enterprise requirements, a combination of product and environment configuration is needed. The following are some key features using the standard information security CIA triad.

Welcome
Learn about the core capabilities of Teracloud® Streams, its architecture, and key concepts.
Installing
Use this information to install, upgrade, and uninstall the Teracloud® Streams product.
Configuring
Create a basic or an enterprise domain which is a single point for configuring and managing common resources, security, and instances.
- Setting up a basic domain on a single resource
  A basic domain has a single Teracloud® Streams resource and user. This type of domain is typically used for test or development environments.
- Setting up an enterprise domain on multiple resources
  An enterprise domain can have multiple resources and users. This type of domain is typically used for production environments. You can configure high availability to ensure that Teracloud® Streams can continue to run even if resources fail or are not available.
- Configuring security
  Each Teracloud® Streams domain and instance maintains its own security configuration.
  - User authorization
    Teracloud® Streams uses access control lists (ACLs) to manage user authorization for domains and instances. An ACL contains the type of domain and instance objects to secure and the actions that a user or group is authorized to perform against the object. The ACLs are initialized when you create a domain or instance.
  - User authentication
    The default user authentication method for Teracloud® Streams domains is PAM or LDAP. For a basic domain, Teracloud Streams uses PAM. For an enterprise domain, you can specify either LDAP or PAM as the default method when you create the domain, and then customize user authentication after the domain is created.
  - Linux users and Teracloud® Streams jobs
    To determine which Linux user has the authority to run the jobs for a Teracloud® Streams instance, you must first determine which user is running the domain controller services for your domain. The security implications of the instance.runAsUser and instance.canSetPeOSCapabilities property settings also need to be considered.
  - Changing the cryptographic protocol
    Many domain and instance services support connections that use Transport Layer Security (TLS) cryptographic protocols. You can specify which cryptographic protocols the services use for secure communication by setting domain and instance properties. Starting with Teracloud® Streams Version 7.2.0, the default protocol setting is TLSv1.3, which indicates that TLS 1.3 or later protocols are used.
  - Securing a Teracloud® Streams cluster
    While applications are deployed into production environments with specific recommendations that apply to individual customers, enterprise organizations generally have security policies and procedures that must be met and followed. To meet enterprise requirements, a combination of product and environment configuration is needed. The following are some key features using the standard information security CIA triad.
- Configuring audit logging
  Teracloud® Streams supports comprehensive, multiple-level auditing of product and user operations. By default, audit logging is not enabled.
- Configuring transport mechanisms
  Teracloud® Streams supports several high-performance and configurable transport mechanisms for communicating across processing elements (PEs). You can configure the transport mechanism by updating Teracloud Streams properties.
- Configuring a checkpoint data store
  Use this procedure to configure a checkpoint data store for Teracloud® Streams domains and instances.
Administering
Administer the product by using the Teracloud® Streams graphical user interface, APIs, or the streamtool command-line interface.
Developing
Develop stream applications with the Streams Processing Language (SPL), Java, and Python.
Troubleshooting
Resolve problems with Teracloud® Streams using the troubleshooting tools provided with the product as well as the resources offered by Teracloud Support.
Reference
Find details on the SPL language, toolkits, APIs, commands, and more.
Glossary
Use this glossary to find terms and definitions for Teracloud® Streams.

Securing a Teracloud® Streams cluster

While applications are deployed into production environments with specific recommendations that apply to individual customers, enterprise organizations generally have security policies and procedures that must be met and followed. To meet enterprise requirements, a combination of product and environment configuration is needed. The following are some key features using the standard information security CIA triad.

Maintaining confidentiality:

Granular access control: Teracloud® Streams uses access control lists (ACLs) to manage user authorization for domains and instances. An ACL contains the type of domain and instance objects to secure and the actions that a user or group is authorized to perform against the object.
Encryption: All connections to the Teracloud® Streams Console, the REST management API, and the data exchange API use the HTTPS protocol. Furthermore, you can encrypt PE to PE communication and management communication with TLS 1.3 or TLS 1.2. Most toolkits have operators that enable the sourcing and sinking of data using TLS 1.3 or TLS 1.2.
Authentication: The default user authentication method is PAM or LDAP. For a basic domain, Teracloud® Streams uses PAM. For an enterprise domain, you can specify either LDAP or PAM as the default method when you create the domain, and then customize user authentication after the domain is created. You can also create JAAS plug-in modules and integrate with any back-end authentication system.

Ensuring integrity:

Checkpointing: Operator state can be persisted at run-time to allow recovery from a failure. This enables you to design applications to guarantee delivery of data.
Auditability: Streams supports comprehensive, multiple-level auditing of product and user operations.

Sustaining availability:

Failover: There is a high availability count property in both domains and instances. This property indicates how many copies of management services are maintained by a domain or instance. If a leader service fails, the product automatically fails over to another instantiation of the service.
Redundancy: The Streams product tightly integrates with redundant LDAP servers, Zookeeper quorums, and multiple Redis servers.