Advanced Configuration
Encryption at Rest
Odilon does not encrypt objects by default.
To store data encrypted, you must first initialize the encryption service. The initialization process must be run only once, before you start using encryption:
Shut down Odilon and execute the script ./bin/enable-encryption.sh (Linux) or .\bin\enable-encryption.bat (Windows).
Odilon will generate two AES keys.
- Encryption Key
The encryption key is a String of 56 characters that must be added to the 'odilon.properties' file in the variable 'encryption.key'. Example:
encryption.key = 317da5604b9bedeeac0602e1165a9ddfff5aaa534adb9f31f0967c77
- Master Key
The master key is a String of 32 characters. It is used internally and is secret; it is NOT required in 'odilon.properties' or anywhere else. However, it may be required to restore the system if critical system files are accidentally or intentionally deleted in the future, so it is recommended that you store it securely. (Example: 'Master Key -> 6a6cb6f8776f9fb61684dbd5cbe16e81')
The next step is to edit the file odilon.properties:
# The encryption key is provided by Odilon when initializing the encryption service using the
# enable-encryption.sh (Linux) or enable-encryption.bat (Windows) script.
encryption.enabled = true
encryption.key = 317da5604b9bedeeac0602e1165a9ddfff5aaa534adb9f31f0967c77
and start Odilon normally.
Regenerate encryption key
If the encryption key is compromised or lost, it is possible to generate a new encryption key.
To generate a new encryption key you will need the server's master key. Execute the script (in the ./bin directory):
Windows
rekey-encryption.bat -m masterkey
Linux
./rekey-encryption.sh -m masterkey
Example (Windows):
.\rekey-encryption.bat -m 663480aab0a93a1459d91a649cf12408
The script will generate a new encryption.key that has to be added to the odilon.properties file, replacing the old encryption.key.
Version Control
To enable version control, set the configuration variable server.versionControl to true in the file odilon.properties.
# default value is false
server.versionControl=true
Master - Standby replication
Odilon supports a Master - Standby architecture for disaster recovery, high availability, archival, and ransomware protection.
Data replication is done asynchronously using HTTP/S over the local network or the Internet.
Each Odilon server (i.e. master and standby) can have its own encryption, replication and other configurations.
MASTER SERVER
Include the standby server URL and credentials in odilon.properties.
The following example connects to a standby server on localhost port 9211:
# Enable standby connection on the Master server with the following
#
standby.enabled=true
standby.url=http://localhost
standby.port=9211
standby.accessKey=odilon
standby.secretKey=odilon
STANDBY SERVER
Set up the server in standby mode using the variable server.mode in the odilon.properties file of the Standby server:
# This value must be added to the odilon.properties of the Standby server
server.mode = standby
After restarting both servers, the master server will start a background process to replicate existing data, and new operations will be propagated to the standby server asynchronously.
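The settings from the Encryption at Rest and Master - Standby replication sections can be checked before a restart. The following Python script is an added example, not part of Odilon or its documentation: it parses an odilon.properties file and reports an encryption key of the wrong length, reuse of the sample key or sample standby credentials printed above, and a standby URL that is not HTTPS for a non-loopback host. The function names parse_properties and audit and the host backup.example.internal are hypothetical.

```python
from urllib.parse import urlparse

# Sample values printed in the documentation above; a live server must not reuse them.
DOC_SAMPLE_KEY = "317da5604b9bedeeac0602e1165a9ddfff5aaa534adb9f31f0967c77"
DOC_SAMPLE_CREDENTIAL = "odilon"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_properties(text):
    """Parse the simple 'key = value' lines used in the odilon.properties excerpts."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings (hypothetical helper, not part of Odilon)."""
    findings = []
    if props.get("encryption.enabled", "").lower() == "true":
        key = props.get("encryption.key", "")
        if len(key) != 56:
            findings.append("encryption.key is not 56 characters")
        elif key == DOC_SAMPLE_KEY:
            findings.append("encryption.key is the sample key from the documentation")
    else:
        findings.append("encryption.enabled is not true: objects are stored unencrypted")
    if props.get("standby.enabled", "").lower() == "true":
        url = urlparse(props.get("standby.url", ""))
        if url.scheme != "https" and url.hostname not in LOOPBACK:
            findings.append("standby.url is not https for a non-loopback host")
        for name in ("standby.accessKey", "standby.secretKey"):
            if props.get(name) == DOC_SAMPLE_CREDENTIAL:
                findings.append(name + " is the example value from the documentation")
    return findings

# Constructed sample input, not a real deployment; the host name is hypothetical.
SAMPLE = """
encryption.enabled = true
encryption.key = 317da5604b9bedeeac0602e1165a9ddfff5aaa534adb9f31f0967c77
standby.enabled=true
standby.url=http://backup.example.internal
standby.accessKey=odilon
standby.secretKey=odilon
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_properties(SAMPLE))))
```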