Thanks for the question. We have read about the issue that exposed so many database servers within the Internet.
Here are some of the things that are different within Aerospike environment that will help our users do well in a secured manner.
The general theory is that one should have open communication channel for clients to communicate with the server with the proper access control mechanisms in place. As software providers, we have all done this and quite well in the past.
Within Aerospike, we want the client applications to NOT run within the same server node. If they were run within the same server node, this would kind of defeat the purpose of the a distributed server usage; and as we have demonstrated, Aerospike is a shared nothing architecture. Given the fact that client nodes/applications don’t run on the same machine as the server, our users are used to the client/server mode of communication over TCP/IP. When the client application talks to the server, it provides the IP address(s) of server node(s) (with the proper addressable port of access) within the cluster such that the client can establish a TCP which is persistent as well as resilient. The resiliency is important, as Aerospike applications don’t have to worry about network issues of transient disconnects, the Aerospike embedded client library handles it. Nice ;-).
Next, when the connection is established, one has to worry about access control. At Aerospike, we have that in place as well, and there some great and crisp documentation that explains how to manage this. Here is the link https://www.aerospike.com/docs/guide/security.html . Please check this out and let us know if this helps provide some clarity and address the protection via access control.
With respect to AWS setup, here is another link that documents how to handle the AWS setup http://www.aerospike.com/docs/deploy_guides/aws/recommendations/ .
At Aerospike, we strive very hard to understand the underlying controls that are required to have a protected distributed server cluster to run efficiently for our customers.
Facilitating an efficient client-server communication over TCP/IP with industry standard mode of protected access where the semantics of protection are rich enough for application awareness and application consumption is what Aerospike has been working hard on. We would love to hear back from all of you as to how the system performs and where we can improve our service.