No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Configuration

Security Configuration

Configuring Security Channel Encryption

The channels between components are not encrypted by default. You can set the following parameters to configure security channel encryption.

Page access: On FusionInsight Manager, choose Cluster > Service > component > Configuration. Click All Configurations. Enter the parameter name in the search box.

NOTE:

Restart the corresponding service after configuration.

Table 14-4 Parameter description

Parameter

Description

Default Value

hbase.rpc.protection

Indicates whether the HBase channels, including the remote procedure call (RPC) channels for HBase clients to access the HBase server and the RPC channels between the HMaster and RegionServer, are encrypted. If this parameter is set to privacy, the channels are encrypted and the authentication, integrity, and privacy functions are enabled. If this parameter is set to integrity, the channels are not encrypted and only the authentication and integrity functions are enabled. If this parameter is set to authentication, the channels are not encrypted, only packets are authenticated, and integrity and privacy are not required.

NOTE:

The privacy mode encrypts transmitted content, including sensitive information such as user tokens, to ensure the security of the transmitted content. However, this mode has great impact on performance. Compared with the other two modes, this mode reduces read/write performance by about 60%. Modify the configuration based on the enterprise security requirements. The configuration items on the client and server must be the same.

-

dfs.encrypt.data.transfer

Indicates whether the HDFS data transfer channels and the channels for clients to access HDFS are encrypted. The HDFS data transfer channels include the data transfer channels between DataNodes and the Data Transfer (DT) channels for clients to access DataNodes. The value true indicates that the channels are encrypted. The channels are not encrypted by default.

false

dfs.encrypt.data.transfer.algorithm

Indicates whether the HDFS data transfer channels and the channels for clients to access HDFS are encrypted. This parameter is valid only when dfs.encrypt.data.transfer is set to true.

The default value is 3des, which indicates that the 3DES algorithm is used for encryption. The value can also be set to rc4; however, to avoid security risks, do not set the parameter to this value.

3des

hadoop.rpc.protection

Indicates whether the RPC channels of each module in Hadoop are encrypted. The channels include:

  • RPC channels for clients to access HDFS
  • RPC channels between modules in HDFS, for example, RPC channels between DataNode and NameNode
  • RPC channels for clients to access YARN
  • RPC channels between NodeManager and ResourceManager
  • RPC channels for Spark to access YARN and HDFS
  • RPC channels for MapReduce to access YARN and HDFS
  • RPC channels for HBase to access HDFS

The privacy indicates that the channels are encrypted by default. The authentication indicates that channels are not encrypted.

NOTE:

You can set this parameter on the HDFS component configuration page. The parameter setting is valid globally, that is, the setting of whether the RPC channel is encrypted takes effect on all modules in Hadoop.

privacy

Setting the Maximum Number of Concurrent Web Connections

To ensure web server security, the number of new connections is limited when the number of user connections reaches a specific threshold. This prevents DDOS attacks and service unavailability caused by too many users accessing the web server at the same time.

Page access:

Page access: On FusionInsight Manager, choose Cluster > Service > component > Configuration. Click All Configurations. Enter the parameter name in the search box.

Table 14-5 Parameter description

Parameter

Description

Default Value

hadoop.http.server.MaxRequests

Specifies the maximum number of concurrent web connections of each component.

Components include HDFS and YARN.

2000

spark.connection.maxRequest

Maximum number of request connections of JobHistory.

5000

Download
Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 7286

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next