Encrypting Data at Rest in Cloudera Manager
Encrypting Data at Rest
Data at Rest Encryption Reference Architecture
Data at Rest Encryption Requirements
Resource Planning for Data at Rest Encryption
HDFS Transparent Encryption
Key Concepts and Architecture
Keystores and the Hadoop Key Management Server
Data Encryption Components and Solutions
Encryption Zones and Keys
Accessing Files Within an Encryption Zone
Optimizing Performance for HDFS Transparent Encryption
Enabling HDFS Encryption Using the Wizard
Enabling HDFS Encryption Using Navigator Key Trustee Server
Enabling HDFS Encryption Using a Java KeyStore
Managing Encryption Keys and Zones
Validating Hadoop Key Operations
Creating Encryption Zones
Adding Files to an Encryption Zone
Deleting Encryption Zones
Backing Up Encryption Keys
Rolling Encryption Keys
Re-encrypting Encrypted Data Encryption Keys (EDEKs)
Benefits and Capabilities
Prerequisites and Assumptions
Limitations
Re-encrypting an EDEK
Managing Re-encryption Operations
Configuring the Key Management Server (KMS)
Configuring the KMS Using Cloudera Manager
Configuring the KMS Cache Using Cloudera Manager
Configuring the Audit Log Aggregation Interval
Securing the Key Management System (KMS)
Enabling Kerberos Authentication for the KMS
Configuring TLS/SSL for the KMS
Migrating Keys from a Java KeyStore to Cloudera Navigator Key Trustee Server
Migrating Ranger Key Management Server Role Instances to a New Host
Migrate the Ranger Admin role instance to a new host
Migrate the Ranger KMS db role instance to a new host
Migrate the Ranger KMS KTS role instance to a new host
Migrating ACLs from Key Trustee KMS to Ranger KMS
Key Trustee KMS operations not supported by Ranger KMS
ACLs supported by Ranger KMS and Ranger KMS Mapping
Configuring CDP Services for HDFS Encryption
Transparent Encryption Recommendations for HBase
Transparent Encryption Recommendations for Hive
Changed Behavior after HDFS Encryption is Enabled
KMS ACL Configuration for Hive
Transparent Encryption Recommendations for Hue
Transparent Encryption Recommendations for Impala
Transparent Encryption Recommendations for MapReduce and YARN
Transparent Encryption Recommendations for Search
Transparent Encryption Recommendations for Spark
Transparent Encryption Recommendations for Sqoop
Migrating Keys from a Java KeyStore to Cloudera Navigator Key Trustee Server
Configuring CDP Services for HDFS Encryption
Using the Ranger Key Management Service
Accessing the Ranger KMS Web UI
List and Create Keys
Roll Over an Existing Key
Delete a Key