3. RPC Encryption

The most common way for a client to interact with a Hadoop cluster is through RPC. When talking to a secure cluster, a Hadoop client uses the SASL protocol to authenticate itself. For example, the client connects over RPC to the NameNode, which serves the HDFS protocol. For RPC connections, Hadoop uses Java's SASL abstraction, and Java's SASL library supports quality of protection (QOP) settings. When the hadoop.rpc.protection property is set to privacy, the data sent over RPC is encrypted with symmetric keys. Please refer to Hortonworks' blog for more details on the hadoop.rpc.protection setting. Note that RPC encryption covers not only the channel between a client and the Hadoop cluster but also the communication among the Hadoop services themselves.
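The following audit sketch is an added example, not code from the original page or from the Hadoop project. It reads hadoop.rpc.protection from a core-site.xml document and reports whether every allowed level is privacy; the sample XML is constructed, the function names are hypothetical, and it relies on Hadoop accepting a comma-separated list of levels and defaulting to authentication when the property is unset.

```python
import xml.etree.ElementTree as ET

# Hadoop protection level -> Java SASL QOP token negotiated on the wire
QOP = {"authentication": "auth", "integrity": "auth-int", "privacy": "auth-conf"}
DEFAULT_LEVEL = "authentication"  # Hadoop default when the property is unset

# Constructed sample configs (not taken from any real cluster)
WEAK = """<configuration>
  <property><name>hadoop.rpc.protection</name>
            <value>authentication,privacy</value></property>
</configuration>"""
HARDENED = """<configuration>
  <property><name>hadoop.rpc.protection</name><value>privacy</value></property>
</configuration>"""
UNSET = "<configuration></configuration>"

def rpc_protection(core_site_xml):
    """Return the list of protection levels configured for Hadoop RPC."""
    value = None
    for prop in ET.fromstring(core_site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == "hadoop.rpc.protection":
            # Assumption: a later definition in the file overrides an earlier one.
            value = prop.findtext("value")
    raw = value if value and value.strip() else DEFAULT_LEVEL
    return [v.strip().lower() for v in raw.split(",") if v.strip()]

def audit(core_site_xml):
    """Flag any level that lets a peer negotiate an unencrypted RPC channel."""
    levels = rpc_protection(core_site_xml)
    unknown = [v for v in levels if v not in QOP]
    if unknown:
        raise ValueError("unrecognised protection level(s): %s" % unknown)
    weak = [v for v in levels if v != "privacy"]
    return {
        "levels": levels,
        "sasl_qop": [QOP[v] for v in levels],
        "weak": weak,
        "encrypted_only": not weak,  # True only if privacy is the sole option
    }

if __name__ == "__main__":
    for label, xml in (("weak", WEAK), ("hardened", HARDENED), ("unset", UNSET)):
        print(label, audit(xml))
```

A list such as authentication,privacy is flagged because a peer may still negotiate the unencrypted level.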