Configuring Encrypted Transport for HBase

This topic describes how to configure encrypted HBase data transport using Cloudera Manager and the command line.

Configuring Encrypted HBase Data Transport Using Cloudera Manager

Minimum Required Role: Full Administrator

To enable encryption of data transferred between HBase masters and RegionServers and between RegionServers and clients:
  1. Enable Hadoop security using Kerberos.
  2. Configure Kerberos authentication for HBase.
  3. Select the HBase service.
  4. Click the Configuration tab.
  5. Select Scope > HBase (Service Wide).
  6. Select Category > Security.
  7. Search for the HBase Transport Security property and select one of the following:
    Property Description
    authentication Enables simple authentication using Kerberos.
    integrity Checks the integrity of data received to ensure it was not corrupted in transit. Selecting integrity also enables authentication.
    privacy Ensures privacy by encrypting the data in transit using TLS/SSL encryption. Selecting privacy also enables authentication and integrity.
  8. Click Save Changes.
  9. Restart the HBase service.

Configuring Encrypted HBase Data Transport Using the Command Line

  1. Enable Hadoop Security using Kerberos.
  2. Enable HBase security using Kerberos.
  3. Enable RPC encryption by setting hbase.rpc.protection in the hbase-site.xml file to one of the following:
    Property Description
    authentication Enables simple authentication using Kerberos.
    integrity Checks the integrity of data received to ensure it was not corrupted in transit. Selecting integrity also enables authentication.
    privacy Ensures privacy by encrypting the data in transit using TLS/SSL encryption. Selecting privacy also enables authentication and integrity.
  4. Restart all daemons.