Resource Planning for Data at Rest Encryption
High Availability for Ranger KMS
For production environments, you must configure high availability for:
- Ranger KMS
Ranger KMS HA Planning
For high availability, you must provision at least two dedicated Ranger KMS hosts, for a minimum of four separate hosts. Do not run multiple Ranger KMS services on the same physical host, and do not run these services on hosts with other cluster services. Doing so causes resource contention with other important cluster services and defeats the purpose of high availability. See "Data at Rest Encryption Reference Architecture" for more information.
The Ranger KMS workload is CPU intensive. Cloudera recommends using machines with capabilities equivalent to your NameNode hosts, with Intel CPUs that support AES-NI for optimum performance.
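A pre-deployment check for the AES-NI recommendation above, as an added example that is not part of Cloudera's documentation or tooling. It assumes a Linux x86 host exposing /proc/cpuinfo; the function names and the sample data are hypothetical.

```shell
#!/bin/sh
# Constructed sample in /proc/cpuinfo format (not from a real host):
# CPU 0 advertises "aes"; CPU 1 advertises only "vaes", which must not count.
sample_cpuinfo() {
cat <<'EOF'
processor : 0
flags : fpu sse4_2 aes xsave avx
processor : 1
flags : fpu sse4_2 vaes xsave avx
EOF
}

# Reads /proc/cpuinfo-format text on stdin and prints the number of logical
# CPUs whose flags line lacks "aes". Prints -1 when no flags line is found,
# so that "could not tell" is never mistaken for "supported".
count_cpus_without_aes() {
    awk -F: '
        /^flags[ \t]*:/ {
            total++
            # Pad with spaces so "aes" matches only as a whole flag name.
            if (index(" " $2 " ", " aes ") == 0) missing++
        }
        END {
            if (total == 0) print -1
            else print missing + 0
        }
    '
}

# Returns 0 only when every CPU listed in the file (default: /proc/cpuinfo)
# advertises AES-NI; otherwise warns on stderr and returns 1.
check_kms_host_aesni() {
    file="${1:-/proc/cpuinfo}"
    n=$(count_cpus_without_aes < "$file")
    if [ "$n" = "0" ]; then
        echo "OK: all CPUs in $file advertise AES-NI"
        return 0
    fi
    echo "WARN: AES-NI not confirmed for every CPU in $file (result: $n)" >&2
    return 1
}
```

Run `check_kms_host_aesni` on each candidate Ranger KMS host. On virtual machines the flag appears only if the hypervisor exposes it to the guest, so run the check inside the guest.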
Make sure that each host is secured and audited. Only authorized key administrators should have access to them. Red Hat provides security guides for RHEL:
- RHEL 7 Security Guide
For hardware sizing information, see "Data at Rest Encryption Requirements" for recommendations for each Cloudera Navigator encryption component.
For Cloudera Manager deployments, deploy Ranger KMS in its own dedicated cluster. See "Data at Rest Encryption Reference Architecture" for more information.
Virtual Machine Considerations
To maintain the security of the cryptographic keys, make sure that all copies of the virtual disk (including any back-end storage arrays, backups, snapshots, and so on) are secured and audited with the same standards you apply to the live data.