Configuring Encrypted HDFS Data Transport
This topic describes how to configure encrypted HDFS data transport using either Cloudera Manager or the command line.
Using Cloudera Manager
Minimum Required Role: Full Administrator
To enable encryption of data transferred between DataNodes and clients, and among DataNodes, proceed as follows:
- Enable Hadoop security using Kerberos.
- Select the HDFS service.
- Click the Configuration tab.
- Expand the Service-Wide category and click the Security subcategory. Configure the following properties:
  | Property | Description |
  |---|---|
  | Enable Data Transfer Encryption | Check this field to enable wire encryption. |
  | Data Transfer Encryption Algorithm | Optionally configure the algorithm used to encrypt data. |
  | Hadoop RPC Protection | Select privacy. |
- Click Save Changes.
- Restart the HDFS service.
Using the Command Line
To enable encrypted data transport using the command line, proceed as follows:
- Enable Hadoop security using Kerberos, following these instructions.
- Optionally, enable RPC encryption by setting hadoop.rpc.protection to "privacy" in the core-site.xml file in both client and server configurations.
- Set dfs.encrypt.data.transfer to true in the hdfs-site.xml file on all server systems.
- Restart all daemons.
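
One way to confirm the command-line steps took effect is to audit the site files before restarting. This is an added example, not Cloudera's own tooling: the sample XML is constructed, the function names are hypothetical, and the listed defaults and the comma-separated form of hadoop.rpc.protection are assumptions about stock Hadoop behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from the original page). The server sets both
# properties; the client core-site.xml still allows a weaker RPC protection level.
SERVER_CORE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.rpc.protection</name><value>privacy</value></property>
</configuration>"""
SERVER_HDFS = """<configuration>
  <property><name>dfs.encrypt.data.transfer</name><value> true </value></property>
</configuration>"""
CLIENT_CORE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication,privacy</value></property>
</configuration>"""

# Assumed Hadoop defaults, applied when a property is absent from the site file.
DEFAULTS = {"hadoop.security.authentication": "simple",
            "hadoop.rpc.protection": "authentication",
            "dfs.encrypt.data.transfer": "false"}

def load_props(xml_text):
    """Return {name: value} from a Hadoop *-site.xml document."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(core_xml, hdfs_xml=None):
    """List findings; an empty list means the steps above are in effect."""
    cfg = {**DEFAULTS, **load_props(core_xml)}
    findings = []
    if cfg["hadoop.security.authentication"].lower() != "kerberos":
        findings.append("hadoop.security.authentication is not kerberos")
    # Some Hadoop versions accept a list here, which permits weaker levels.
    qops = {q.strip().lower() for q in cfg["hadoop.rpc.protection"].split(",")}
    if qops != {"privacy"}:
        findings.append("hadoop.rpc.protection allows: " + ",".join(sorted(qops)))
    if hdfs_xml is not None:  # hdfs-site.xml is checked on server systems only
        cfg.update(load_props(hdfs_xml))
        if cfg["dfs.encrypt.data.transfer"].lower() != "true":
            findings.append("dfs.encrypt.data.transfer is not true")
    return findings

if __name__ == "__main__":
    print("server:", audit(SERVER_CORE, SERVER_HDFS))
    print("client:", audit(CLIENT_CORE))
```

Run it against the core-site.xml of every client as well as the servers, since the RPC setting applies to both sides.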