Benefits and Capabilities

In addition to minimizing security risks, re-encrypting the EDEK offers other capabilities and benefits.

  • Re-encrypting EDEKs does not require that the user explicitly re-encrypt HDFS files.
  • In cases where there are several zones using the same key, the Key Administrator has the option of selecting which zone’s EDEKs are re-encrypted first.
  • The HDFS Superuser can also monitor and cancel re-encryption operations.
  • Re-encryption is restarted automatically in cases where you have a NameNode failure during the re-encryption operation.