Data Encryption Components and Solutions
Cloudera supports two encryption components which may be combined as unique solutions. When selecting a Key Management System (KMS), you must decide which components meet the key management and encryption requirements for your enterprise.
Cloudera Encryption components
Descriptions of Cloudera components for encrypting data at rest follow:
- Ranger Key Management System (KMS)
- Ranger extends the native Hadoop KMS functionality by allowing you to store keys in a secure database. Cryptographic key management service supporting HDFS TDE. Not a general purpose Key Management System, as opposed to Hadoop KMS which stores keys in file based Java Keystore, can be accessed only through KeyProvider API.
- Navigator Encrypt
- Transparently encrypts and secures data at rest without requiring changes to your applications
Cloudera Encryption solutions
You can deploy encryption components as any of the following solutions for encrypting data
at rest:
- Ranger KMS Only
-
- Consists of ONLY Ranger KMS with a backend database that provides key storage
- Ranger KMS provides enterprise-grade key management
- Ranger KMS + HSM
-
- Consists of Ranger KMS with database + integration with a backend hardware security module (HSM)
- Ranger KMS provides enterprise-grade key management
- HSM provides encryption zone key protection
- HSM stores only the encryption master key
