How to Configure Encrypted Transport for HDFS Data
This topic describes how to configure encrypted HDFS data transport using both Cloudera Manager and the command line.
You must enable Kerberos before configuring encrypted HDFS data transport. See Authentication for instructions.
Using Cloudera Manager
Minimum Required Role: Full Administrator
To enable encryption of data transferred between DataNodes and clients, and among DataNodes, perform the following steps:
- Enable Hadoop security using Kerberos.
- Select the HDFS service.
- Click the Configuration tab.
- Select .
- Select .
- Configure the following properties: (You can type the property name in the Search box to locate the property.)
| Property | Description |
|---|---|
| Enable Data Transfer Encryption | Check this field to enable wire encryption. |
| Data Transfer Encryption Algorithm | Optionally configure the algorithm used to encrypt data. |
| Hadoop RPC Protection | Select privacy. |

- Click Save Changes.
- Restart the HDFS service.
Using the Command Line
Important:
- This configuration process can be completed using either Cloudera Manager or the command-line instructions.
- This information applies specifically to CDH 5.15.0. If you use an earlier version of CDH, see the documentation for that version located at Cloudera Documentation.
To enable encrypted data transport using the command line, perform the following steps:
- Enable Kerberos authentication, following these instructions.
- Optionally, enable RPC encryption by setting hadoop.rpc.protection to "privacy" in the core-site.xml file in both client and server configurations.
Note:
If RPC encryption is not enabled, transmission of other HDFS data is also insecure.
- Set dfs.encrypt.data.transfer to true in the hdfs-site.xml file on all server systems.
- Restart all daemons.
Page generated May 18, 2018.