Encryption Mechanisms Overview

Encryption of data at rest and of data in transit is applied at different technology layers of the cluster:

Layer             Description
----------------  -----------------------------------------------------------
Application       Applied by the HDFS client software, HDFS Transparent
                  Encryption lets you encrypt specific folders contained in
                  HDFS. To securely store the required encryption keys,
                  Cloudera recommends using the Ranger Key Trustee Server in
                  conjunction with HDFS encryption.

                  Data stored temporarily on the local filesystem outside
                  HDFS by CDP components (including Impala, MapReduce, YARN,
                  or HBase) can also be encrypted.

Operating System  At the Linux OS file system layer, encryption can be
                  applied to an entire volume.

Network           Network communications between client processes and
                  server processes (HTTP, RPC, or TCP/IP services) can be
                  encrypted using industry-standard TLS/SSL.
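
Because HDFS Transparent Encryption covers only the folders placed in encryption zones, a practitioner usually wants to confirm that every directory holding sensitive data actually sits inside a zone. The following audit helper is an added example, not Cloudera's or Hadoop's own code; it assumes the two-column format (zone path, key name) that `hdfs crypto -listZones` prints, and the zone listing and required-directory list are constructed sample data so that it runs offline.

```python
"""Audit HDFS Transparent Encryption coverage from `hdfs crypto -listZones` output."""
from typing import Dict, List, Optional, Tuple

# Constructed sample of `hdfs crypto -listZones` output (not captured from a
# real cluster); assumed format: one zone per line, path then key name.
SAMPLE_LIST_ZONES = """\
/data/pii           pii-key
/user/alice/secure  alice-key
"""

# Constructed list of directories that local policy says must be encrypted.
REQUIRED_ENCRYPTED = ["/data/pii/2024", "/data/finance", "/user/alice/secure", "/tmp/scratch"]


def parse_list_zones(output: str) -> Dict[str, str]:
    """Map each encryption zone path to its key name, ignoring blank or header lines."""
    zones: Dict[str, str] = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].startswith("/"):
            zones[parts[0].rstrip("/") or "/"] = parts[1]
    return zones


def zone_for(path: str, zones: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return the (zone, key) covering `path`, or None if no zone contains it.

    A path is covered when it equals a zone or lies beneath one. Encryption
    zones cannot nest, so the longest matching zone prefix is the only match.
    """
    path = path.rstrip("/") or "/"
    best: Optional[Tuple[str, str]] = None
    for zone, key in zones.items():
        if zone == "/" or path == zone or path.startswith(zone + "/"):
            if best is None or len(zone) > len(best[0]):
                best = (zone, key)
    return best


def uncovered_paths(required: List[str], output: str) -> List[str]:
    """Required directories that fall outside every encryption zone."""
    zones = parse_list_zones(output)
    return [p for p in required if zone_for(p, zones) is None]


if __name__ == "__main__":
    for p in uncovered_paths(REQUIRED_ENCRYPTED, SAMPLE_LIST_ZONES):
        print(f"NOT in an encryption zone: {p}")
```

On a live cluster, feed the helper the real listing (for example `uncovered_paths(policy_dirs, subprocess.check_output(["hdfs", "crypto", "-listZones"], text=True))`) and alert on any non-empty result.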

Here are some good starting places for more information about encryption for Cloudera clusters:

  • Encrypting data at rest
  • Encrypting data in transit