Installing Key Trustee Server Using Cloudera Manager

If you are installing Key Trustee Server for use with HDFS Transparent Encryption, the Set up HDFS Data At Rest Encryption wizard installs and configures Key Trustee Server.

  1. (Recommended) Create a new cluster in Cloudera Manager containing only the host that Key Trustee Server will be installed on. Cloudera recommends that each cluster use its own KTS instance. Although sharing a single KTS across clusters is technically possible, it is neither approved nor supported for security reasons: a shared KTS increases risk by acting as a single point of failure for the encryption keys used by multiple clusters. For the additional security reasons behind this recommendation, see Data at Rest Encryption Reference Architecture.
  2. In Cloudera Manager, go to Hosts > Parcels.
  3. Click Configuration and add the path to the Key Trustee Server parcel to the Remote Parcel Repository URLs section.
    Key Trustee Server Version | Parcel Repository URL
    7.0.3.0                    | https://archive.cloudera.com/p/keytrusteeserver7/7.0.3.0/
  4. Download, distribute, and activate the Key Trustee Server parcel on the cluster containing the Key Trustee Server host, following the instructions in Managing Parcels.
    After you activate the Key Trustee Server parcel, Cloudera Manager prompts you to restart the cluster. Click the Close button to ignore this prompt. You do not need to restart the cluster after installing Key Trustee Server.
After installing Key Trustee Server using Cloudera Manager, continue to Securing Key Trustee Server Host.