DLM Installation and Upgrade

Configure TDE for Hive replication

Set up TDE for Hive replication by following the instructions in the HDP Security guide. For Hive replication, TDE can be set only at the cluster level. During replication, the source data is decrypted using the source key and re-encrypted using the destination key.

  1. (Optional) Encrypt the source Hive warehouse directory and any additional directories as required by the Hive service, and grant the DLM Engine user access to the KMS key in the source Ranger service.
    Refer to Encryption in Hive and Ranger KMS Setup for instructions.
  2. Encrypt the destination Hive warehouse directory and any additional directories as required by the Hive service, and grant the DLM Engine user access to the KMS key in the destination Ranger service.
    Refer to Encryption in Hive and Ranger KMS Setup for instructions.

After you configure TDE on the data to be replicated, DLM can identify which directories have TDE enabled. When configuring a replication policy in the DLM App, you can identify and select the TDE-enabled data. You also have the option of replicating data using the same TDE key on both the source and destination, which reduces the overhead of decryption and encryption.
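
Before creating a policy, you can confirm from the command line which encryption zone and key cover a path on each cluster. The following is an added example, not part of the DLM documentation or product: it parses the output of `hdfs crypto -listZones` (run as the HDFS superuser). The paths, key names, and function names are constructed for illustration, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Constructed sample listings in `hdfs crypto -listZones` format: "<zone path>  <key name>".
# On a live cluster, capture them instead with: SRC_ZONES=$(hdfs crypto -listZones)
SRC_ZONES='/apps/hive/warehouse  hive_src_key
/apps/hive/staging  hive_src_key'
DST_ZONES='/apps/hive/warehouse  hive_dst_key'

# zone_key PATH: read a zone listing on stdin and print the key name of the
# deepest encryption zone that contains PATH. Returns 1 if no zone covers it.
zone_key() {
    awk -v p="$1" '
        BEGIN { best = -1 }
        NF >= 2 {
            z = $1; sub(/\/+$/, "", z)   # drop trailing slashes
            # Match on a path-component boundary: /a/b covers /a/b/c but not /a/bc.
            if (p == z || index(p, z "/") == 1)
                if (length(z) > best) { best = length(z); key = $2 }
        }
        END { if (best >= 0) print key; else exit 1 }
    '
}

# tde_check SRC_LISTING DST_LISTING PATH: classify PATH for replication.
# Source encryption is optional (step 1); destination encryption is not (step 2).
tde_check() {
    src=$(printf '%s\n' "$1" | zone_key "$3") || src=""
    dst=$(printf '%s\n' "$2" | zone_key "$3") || dst=""
    if [ -z "$dst" ]; then
        echo "destination-unencrypted"
    elif [ -z "$src" ]; then
        echo "source-unencrypted"
    elif [ "$src" = "$dst" ]; then
        # Only the key names match; this does not prove that both KMS
        # instances hold the same key material.
        echo "same-key-name:$src"
    else
        echo "different-keys:$src->$dst"
    fi
}

tde_check "$SRC_ZONES" "$DST_ZONES" /apps/hive/warehouse
```

A `destination-unencrypted` result means replicated data would land in plaintext on the destination, so complete step 2 for that path before enabling the policy.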