Installing Key Trustee Server Using Cloudera Manager
If you are installing Key Trustee Server for use with HDFS Transparent Encryption, the Set up HDFS Data At Rest Encryption wizard installs and configures Key Trustee Server.
(Recommended) Create a new cluster in Cloudera Manager containing only the host
that Key Trustee Server will be installed on. Cloudera recommends that each cluster use
its own KTS instance. Although sharing a single KTS across clusters is technically
possible, it is neither approved nor supported for security reasons—specifically,
the increased security risks associated with single point of failure for encryption keys
used by multiple clusters. For a better understanding of additional security reasons for
this recommendation, see Data at Rest Encryption Reference
Download the latest Key Trustee Server parcel from the Cloudera.com/downloads
Key Trustee Server Version Cloudera.com Download Page 220.127.116.11 https://www.cloudera.com/downloads/navigator/key-trustee-server.html
- Follow the steps in Using a Local Parcel Repository to register the local parcel with Cloudera Manager.
- On the Key Trustee Server cluster home page, click the More Options (ellipsis) icon, then click Add Service.
- Select Key Trustee Server, then click Continue.
- Use the Add Key Trustee Server Service wizard to install Key Trustee Server.
- Key Trustee Server appears in the cluster components list.