No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FusionInsight HD 6.5.0 Administrator Guide 02

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring HDFS to Encrypt Data During Transmission

Configuring HDFS to Encrypt Data During Transmission

Configuring Security Channel of HDFS Encryption

The channels between components are not encrypted by default. You can set the following parameters to configure security channel encryption.

Page access: On FusionInsight Manager, choose Cluster > Service > HDFS > Configuration. Click All Configurations. Enter the parameter name in the search box.

NOTE:

Restart the corresponding service after configuration.

Table 14-8 Parameter description

Parameter

Description

Default Value

hadoop.rpc.protection

NOTICE:
  • After the configurations, restart the service. Rolling restart is not supported.
  • After the configurations, download the client configurations again. Otherwise, HDFS cannot provide the write and read services.

Indicates whether the RPC channels of each module in Hadoop are encrypted. The channels include:

  • RPC channels for clients to access HDFS.
  • RPC channels between modules in HDFS, for example, RPC channels between DataNode and NameNode.
  • RPC channels for clients to access YARN.
  • RPC channels between NodeManager and ResourceManager.
  • RPC channels for Spark to access YARN and HDFS.
  • RPC channels for MapReduce to access YARN and HDFS.
  • RPC channels for HBase to access HDFS.

The privacy indicates that the channels are encrypted by default. The authentication indicates that channels are not encrypted.

NOTE:

You can set this parameter on the HDFS component configuration page. The parameter setting is valid globally, that is, the setting of whether the RPC channel is encrypted takes effect on all modules in Hadoop.

privacy

NOTE:
  • authentication: Authentication only.
  • integrity: Authentication and consistency check.
  • privacy: Authentication, consistency check, and encryption.

dfs.encrypt.data.transfer

Indicates whether the HDFS data transfer channels and the channels for clients to access HDFS are encrypted. The HDFS data transfer channels include the data transfer channels between DataNodes and the Data Transfer (DT) channels for clients to access DataNodes. The value true indicates that the channels are encrypted. The channels are not encrypted by default.

NOTE:
  • This parameter is used only when hadoop.rpc.protection is set to privacy.
  • Note that enabling encryption by default poses severe impact on performance when a large amount of service data is being transmitted.

false

dfs.encrypt.data.transfer.algorithm

Indicates the algorithm used for encrypting the HDFS data transfer channels and the channels for clients to access HDFS. This parameter is valid only when dfs.encrypt.data.transfer is set to true.

NOTE:

The default value is 3des, which indicates that the 3DES algorithm is used for encryption. The value can also be set to rc4; however, to avoid security risks, do not set the parameter to this value.

3des

dfs.encrypt.data.transfer.cipher.suites

Can be set to null or AES/CTR/NoPadding to specified the cipher suite for data encryption. If not defined, then only the algorithm specified in dfs.encrypt.data.transfer.algorithm is used. By default, the property is AES/CTR/NoPadding.

AES/CTR/NoPadding

Download
Updated: 2019-05-17

Document ID: EDOC1100074522

Views: 6205

Downloads: 12

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next