Configuring Encrypted HBase Data Transport

This topic describes how to configure encrypted HBase data transport using both Cloudera Manager and the command line.

Using Cloudera Manager

Minimum Required Role: Full Administrator

To enable encryption of data transferred between HBase masters and RegionServers and between RegionServers and clients:
  1. Enable Hadoop security using Kerberos.
  2. Configure Kerberos authentication for HBase.
  3. Select the HBase service.
  4. Click the Configuration tab.
  5. Select Scope > HBase (Service Wide)
  6. Select Category > Security.
  7. Search for the HBase Transport Security property. Select privacy to enable secure RPC transport. There are three settings: authentication, integrity, and privacy. Each level includes the prior ones. Selecting privacy also enables authentication and integrity.
  8. Click Save Changes.
  9. Restart the HBase service.

Using the Command Line

To enable encrypted data transport using the command line, proceed as follows:

  1. Enable Hadoop Security using Kerberos.
  2. Enable HBase security using Kerberos.
  3. Enable RPC encryption by setting hbase.rpc.protection to "privacy" in the hbase-site.xml file.
  4. Restart all daemons.