Migrating from memcached to couchbase

security

#1

We have an application that runs on 10 virtual machines. On each VM is an application container (tomcat) and a memcached instance. Each app will talk across the 10 memcached instances, using a client library which handles client side consistent caching. I.e the target memcached instance is determined based on the cache key and the 10 target instances. All communication is over port 11211, and a binary protocol is used.

We want to migrate this to a new virtual server farm. The only difference is, we are considering the use of a seperate Couchbase cluster, and have more stringent security requirements.
For instance, the data contains personal identifiable information, hence data must be encrypted with TLS1.2 over the network. Encryption at REST is also beneficial, but I understand this needs to be taken care of by the client.

What steps would need to be taken to configure couchbase to act as a low-latency, secure, caching solution, that a legacy application can simply repoint to?