Does a mirroring arbiter need / use certificates?
I am configuring a set of Linux (RHEL 9) servers to operate as an IRIS 2025.1 mirror set. Mirroring traffic is using TLS, so each IRIS server has the necessary TLS configurations. However installation of ISCAgent on the dedicated arbiter host didn't make any mention of TLS or certificates. Nor did I find anything about this when searching IRIS documentation.
Am I missing something? Does the traffic between the IRIS hosts and the arbiter host use TLS? Should I be installing any certs on the arbiter host to facilitate secure communication?
Comments
Hey John.
I'm happy to be corrected, but I didn't think that the Arbiter utilised TLS and that the minimal traffic between the mirror and the arbiter was rather lacking in any information about the environments that are being managed by the arbiter.
That said, it would make sense for it to move to using TLS even just for completeness.
As @Julian Matthews says, communication between mirror and arbiter is minimal, just a heartbeat to check the availability of the mirror members, no further configurations are required.