Xiaoyu Yao created HDDS-1041:
--------------------------------
Summary: Support TDE(Transparent Data Encryption) for Ozone
Key: HDDS-1041
URL: https://issues.apache.org/jira/browse/HDDS-1041
Project: Hadoop Distributed Data Store
Issue Type: New Feature
Components: Security
Reporter: Xiaoyu Yao
Assignee: Xiaoyu Yao
Currently Ozone saves data unencrypted on the datanode. This ticket is opened
to support TDE (Transparent Data Encryption) for Ozone to meet the requirements
of use cases that need protection of sensitive data.
The table below summarizes the comparison of HDFS TDE and Ozone TDE:
||HDFS||Ozone||
|Encryption zone created at directory level.
All files created within the encryption zone will be encrypted.|Encryption enabled at Bucket level.
All objects created within the encrypted bucket will be encrypted.|
|Encryption zone created with ZK (Zone Key)|Encrypted Bucket created with BEK (Bucket Encryption Key)|
|Per File Encryption
* File encrypted with DEK (Data Encryption Key)
* DEK is encrypted with ZK as EDEK by KMS and persisted as extended attributes.|Per Object Encryption
* Object encrypted with DEK (Data Encryption Key)
* DEK is encrypted with BEK as EDEK by KMS and persisted as object metadata.|
I will post a design doc shortly.