Installing Key Trustee Server Using Cloudera Manager
If you are installing Key Trustee Server for use with HDFS Transparent Encryption,
the Set up HDFS Data At Rest Encryption wizard installs and configures
Key Trustee Server.
(Recommended) Create a new cluster in Cloudera Manager containing only the host
that Key Trustee Server will be installed on. Cloudera recommends that each cluster use
its own KTS instance. Although sharing a single KTS across clusters is technically
possible, it is neither approved nor supported for security reasons—specifically,
the increased security risks associated with single point of failure for encryption keys
used by multiple clusters. For a better understanding of additional security reasons for
this recommendation, see Data at Rest Encryption Reference
Architecture.
Download the latest Key Trustee Server parcel from the Cloudera.com/downloads page.
From CDP Private Cloud Base 7.1.6, the KEYTRUSTEE_SERVER parcel is available in the same
location in which the Cloudera runtime parcel is placed. If you have configured the parcel
repository for CDP Private Cloud Base upgrade, the KEYTRUSTEE_SERVER parcel is displayed
automatically.