Sorry for being cryptic, by SSE, I meant, server side encryption. In our use-case, both data transfer & persistent data in HDFS are to be encrypted. From your comments, enabling HBase transparent server side encryption will suffice.
On Thu, Oct 23, 2014 at 11:23 AM, Andrew Purtell <[email protected]> wrote: > RegionServers > persist data into HDFS, so if you wish the data transfer to be encrypted, > use "dfs.encrypt.data.transfer" . This only encrypts the transfer. As > another option you can enable transparent server side encryption in HBase > 0.98 and higher. This will encrypt data for persistence inside HBase before > any write or data transfer using HDFS. For more information see the > Security section of our online manual: > > http://hbase.apache.org/book/security.html > > > RegionServers and the Master send > administrative messages between themselves using RPC. Communication between > RegionServers and clients is also by way of RPC. RPC can be secured by > using Kerberos authentication in conjunction with auth-conf SASL privacy > settings. Set up Kerberos and then set "hbase.rpc.protection" to "privacy" > in the HBase site configuration > . > > > > How does HBase (with SSE) > > What do you mean by "SSE" > ? > > > On Thu, Oct 23, 2014 at 11:10 AM, Krishna <[email protected]> wrote: > > > Hi, > > > > How does HBase (with SSE) deal with "dfs.encrypt.data.transfer" in HDFS > > configuration? Does it use this parameter when data is transferred > between > > RS? > > > > Hadoop 2.4 > > HBase 0.98 > > > > Thanks > > > > > > -- > Best regards, > > - Andy > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > (via Tom White) >
