Josh, Thank you for your quick response.
The data is sensitive personal data of customers. Everything needs to be encrypted and secure. In - wire, on-wire, in-motion, at rest, everything. Our solution was to use SSL/TLS everywhere. Our development team reported that Phoenix does not support SSL. Therefore this is a big problem. Based on the above statements, if you have additional ideas, I will gladly take them, if you have additional input please do provide. I unfortunately have very limited to no knowledge on security. So this becomes a challenge area for me. Meanwhile, I will look up the link you have provided and will continue to do research on this topic. thanks, -ash On Fri, Nov 24, 2017 at 12:11 PM, Josh Elser <els...@apache.org> wrote: > Why do you have a hard-requirement on using SSL? > > HBase itself does not use SSL to provide confidentiality on its wire > communication, it relies on jGSS and SASL to implement this security. Under > the hood, this actually boils down to using GSSAPI, Kerberos specifically, > to implement privacy (e.g. aes256-cts-hmac-sha1-96). > > Take a look at https://hbase.apache.org/book. > html#_server_side_configuration_for_secure_operation. Phoenix executes > all of its RPCs over HBase RPCs, so if you have HBase set up correctly, > Phoenix will follow. > > If you want to introduce the Phoenix Query Server into your architecture, > you can place it behind an SSL/TLS proxy server (or configure PQS directly > with SSL/TLS using a sufficiently new version of Phoenix). This would be > the only way I know of to "use Phoenix with SSL", but, in my experience, > this is rarely what people actually want when they say this ;) > > Disclaimer: I have no idea how any of this translates to EMR :) > > > On 11/24/17 12:01 PM, Ash N wrote: > >> Hello All, >> >> Thank you for the great work the team is doing on Phoenix. >> >> Summary : does Phoenix support SSL connection in Amazon EMR Cluster? >> >> We are running Phoenix on EMR cluster in Amazon. We have a need to >> connect to Phoenix over SSL. I don't see much documentation around this >> topic anywhere also I saw a couple of jira tickets that did not provide >> enough help or direction on this topic. >> >> If Phoenix does not support SSL connections what are my options? >> >> Starting off six months ago, we assumed this should not be an issue. >> Now we are in big trouble. >> >> All and any help is greatly appreciated. >> >> Thanks >> Ash >> >
