DLM Installation and Upgrade

Configure TDE for HDFS replication

Set up TDE (Transparent Data Encryption) for HDFS replication by following the instructions in the HDP Security guide. You can set TDE per directory or per cluster on HDFS. During replication, the source data is decrypted with the source key and re-encrypted with the destination key.

  1. (Optional) Encrypt the source directory and grant the DLM Engine user access to the KMS key in the source Ranger service.
    Refer to Encryption in HDFS and Ranger KMS Setup for instructions.
  2. Encrypt the destination directory and grant the DLM Engine user access to the KMS key in the destination Ranger service.
    Refer to Encryption in HDFS and Ranger KMS Setup for instructions.

After you configure TDE on the data to be replicated, DLM can identify which directories have TDE enabled. When configuring a replication policy in the DLM App, you can identify and select the TDE-enabled data. You also have the option of replicating data using the same TDE key on both the source and destination, to reduce the overhead of decryption and encryption.
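
After completing steps 1 and 2, a pre-flight check like the following confirms which encryption zone and key cover each side of a planned replication. This is an added example, not part of the DLM documentation; the paths, key names, and the `zone_key_for` and `tde_preflight` helpers are hypothetical, and the sample listings are constructed in the path-and-key-name layout printed by `hdfs crypto -listZones`.

```bash
#!/usr/bin/env bash
# Constructed sample listings. On live clusters, capture them as the HDFS
# superuser on each side:  SRC_ZONES=$(hdfs crypto -listZones)
SRC_ZONES='/data/finance  fin_key
/data/hr  hr_key'
DST_ZONES='/replica/finance  dr_fin_key
/replica/hr  hr_key'

# Print the key name of the encryption zone containing path $1, given a
# listing in $2. Returns 1 when no zone covers the path.
# Assumes paths without whitespace.
zone_key_for() {
  printf '%s\n' "$2" | awk -v p="${1%/}" '
    BEGIN { best = -1 }
    NF >= 2 {
      z = $1; sub(/\/+$/, "", z)
      # Match the zone root or a descendant only, so that
      # /data/finance2 is not treated as part of /data/finance.
      if ((p == z || index(p, z "/") == 1) && length(z) > best) {
        best = length(z); key = $2
      }
    }
    END { if (key == "") exit 1; print key }'
}

# Compare source path $1 with destination path $2.
# Policy of this example: an unencrypted destination is a failure, because
# replicated data would land in plaintext; an unencrypted source is allowed
# (step 1 is optional).
tde_preflight() {
  local src_key dst_key
  src_key=$(zone_key_for "$1" "$SRC_ZONES") || src_key=""
  dst_key=$(zone_key_for "$2" "$DST_ZONES") || dst_key=""
  if [ -z "$dst_key" ]; then
    echo "FAIL destination $2 is not in an encryption zone"; return 1
  elif [ -z "$src_key" ]; then
    echo "OK source plaintext, destination key $dst_key"
  elif [ "$src_key" = "$dst_key" ]; then
    # Equal names on two KMS instances do not prove equal key material;
    # confirm that separately before choosing the same-key option.
    echo "OK same key name $src_key"
  else
    echo "OK re-encrypt $src_key -> $dst_key"
  fi
}
```

The DLM Engine user still needs access to each reported key in the Ranger service of the corresponding cluster, which this listing-based check does not verify.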