You set up TDE for Hive replication using the instructions in the HDP
Security guide. You can set TDE only at cluster level for Hive replication.
During the replication process, the source data is decrypted using the source key and is
encrypted using the destination key.
-
(Optional) Encrypt the source Hive warehouse directory and any additional
directories as required by the Hive service and grant the DLM Engine user access
to the KMS key in the source Ranger service.
-
Encrypt the destination Hive warehouse directory and any additional directories
as required by the Hive service and grant the DLM Engine user access to the KMS
key in the destination Ranger service.
After you configure TDE on the data to be replicated, DLM
can identify which directories have TDE enabled. When configuring a replication policy
in the DLM App, you can identify and select the TDE-enabled data. You also have the
option of replicating data using the same TDE key on both the source and destination, to
reduce the overhead of decryption and encryption.