Hadoop Security Guide

Enabling Data Transfer Protocol

The NameNode gives the client the address of the first DataNode to read or write the block. The actual data transfer between the client and the DataNode is over Hadoop's Data Transfer Protocol. To encrypt this protocol you must set dfs.encrypt.data.transfer=true on the NameNode and all DataNodes. The encryption algorithm can be customized by setting dfs.encrypt.data.transfer.algorithm to either "3des" or "rc4". If nothing is set, the system default is used (usually 3DES). While 3DES is more cryptographically secure, RC4 is substantially faster.

Enable Encrypted DTP by setting the following properties in hdfs-site.xml:

dfs.encrypt.data.transfer=true
dfs.encrypt.data.transfer.algorithm=3des

rc4 is also supported.
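
An added example (not from the guide): a Python audit that checks each node's hdfs-site.xml for the two properties above, since the setting has to be present on the NameNode and all DataNodes. It also flags near-miss spellings of the keys, because Hadoop does not read a property name it does not recognize. The node names, sample configurations and helper names are constructed for illustration.

```python
import difflib
import xml.etree.ElementTree as ET

ENABLE_KEY = "dfs.encrypt.data.transfer"
ALGO_KEY = "dfs.encrypt.data.transfer.algorithm"
ALLOWED_ALGOS = {"3des", "rc4"}  # the two values the guide lists

def load_properties(xml_text):
    """Return {name: value} from an hdfs-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_hdfs_site(xml_text):
    """Return a list of findings; an empty list means DTP encryption is set."""
    props, findings = load_properties(xml_text), []
    if props.get(ENABLE_KEY, "").lower() != "true":
        findings.append(f"{ENABLE_KEY} is not true: DTP encryption is not enabled")
    algo = props.get(ALGO_KEY)  # unset is allowed: the system default applies
    if algo is not None and algo not in ALLOWED_ALGOS:
        findings.append(f"{ALGO_KEY}={algo!r} is not one of {sorted(ALLOWED_ALGOS)}")
    # A misspelled key is never read, so the setting silently stays off.
    for name in props:
        if name not in (ENABLE_KEY, ALGO_KEY) and difflib.get_close_matches(
                name, [ENABLE_KEY, ALGO_KEY], n=1, cutoff=0.9):
            findings.append(f"{name!r} looks like a typo of a DTP encryption key")
    return findings

def audit_cluster(configs):
    """configs maps node name -> hdfs-site.xml text; returns nodes with findings."""
    return {node: f for node, text in configs.items() if (f := audit_hdfs_site(text))}

def make_site(props):
    """Build a constructed hdfs-site.xml document from a dict (sample input only)."""
    body = "".join(f"<property><name>{k}</name><value>{v}</value></property>"
                   for k, v in props.items())
    return f"<configuration>{body}</configuration>"

# Constructed sample cluster: one correct node, one typo, one unsupported value.
SAMPLE = {
    "namenode": make_site({ENABLE_KEY: "true", ALGO_KEY: "3des"}),
    "datanode1": make_site({"dfs.encryt.data.transfer": "true"}),
    "datanode2": make_site({ENABLE_KEY: "true", ALGO_KEY: "aes"}),
}

if __name__ == "__main__":
    for node, findings in audit_cluster(SAMPLE).items():
        print(node, findings)
```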

Note

The Secondary NameNode is not supported with the HTTPS port. It can only be accessed via http://<SNN>:50090. WebHDFS, hsftp, and short-circuit read are not supported when SSL is enabled.