Managing data encryption in transfer
Data can enter the software containers through three main entry points, which are listed and described below. For each of these entry points, data encryption in transfer is enabled by default, with the exception of the non-TLS port for the Apache Kafka broker. This non-TLS port is provided to simplify your initial configuration, but to ensure secure communication, you must disable it after you complete testing of the end-to-end data flow.
- Gateway service
  - The default port is 8085.
  - For ZRDDS-specific use cases, all data flow into and out of the solution takes place through this port.
- Apache Kafka broker service
  - When the software containers are installed, the included Apache Kafka broker is configured with both of the following ports:
    - Non-TLS port: The default value is 9092. This port is provided to simplify the initial configuration for communication between the Apache Kafka broker service and external consumers and producers.
    - TLS port: The default value is 9093.
  - For ZRDDS-specific use cases, the Kafka broker does not receive data from external producers, nor does it communicate directly with external consumers. Instead, it only communicates with other software containers through an internal network. Therefore, the external ports of the Kafka broker service are not relevant for securing data in transfer for ZRDDS-specific use cases.
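One way to confirm, after end-to-end testing, that the non-TLS port no longer answers and that the other ports negotiate TLS. This is an added example, not part of the product documentation. The port numbers are the defaults listed above; the host name `zrdds-host.example` is a placeholder, and treating the gateway's default encryption as TLS is an assumption.

```python
import socket
import ssl
import sys

# Port defaults from this page. Assumption: the gateway's default encryption is TLS.
EXPECTED = {8085: "tls", 9092: "closed", 9093: "tls"}


def probe(host, port, timeout=3.0):
    """Classify a TCP port as 'closed', 'tls' or 'plaintext'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    # Certificate checks are off on purpose: the question here is only
    # whether the listener speaks TLS, not whether its certificate is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls"
    except ssl.SSLError as exc:
        # A TLS alert (e.g. the server requires a client certificate)
        # still proves the peer speaks TLS; anything else does not.
        reason = getattr(exc, "reason", None) or ""
        return "tls" if "ALERT" in reason else "plaintext"
    except OSError:
        return "plaintext"  # reset or no handshake reply before the timeout
    finally:
        sock.close()


def audit(host, expected=EXPECTED, timeout=3.0):
    """Return {port: (expected, observed)} for each port that deviates."""
    findings = {}
    for port, want in expected.items():
        got = probe(host, port, timeout)
        if got != want:
            findings[port] = (want, got)
    return findings


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "zrdds-host.example"  # placeholder
    deviations = audit(host)
    for port, (want, got) in sorted(deviations.items()):
        print(f"{host}:{port} expected {want}, observed {got}")
    sys.exit(1 if deviations else 0)
```

Run it from a machine outside the container host, because that is the network position of an external producer or consumer. If you changed any of the default ports, pass a matching mapping to `audit`.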