yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
0b3a43371a4bcc99577594de0a685249d676a567
doc-exports/docs/mrs/umn/admin_guide_000281.html
Yang, Tong 2195db241c MRS UMN 20231220 version update 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2024-05-16 09:40:21 +00:00

46 lines
5.3 KiB
HTML
Raw Blame History

<a name="admin_guide_000281"></a><a name="admin_guide_000281"></a>
<h1 class="topictitle1">Configuring Kafka Data Encryption During Transmission</h1>
<div id="body1530067732202"><div class="section" id="admin_guide_000281__saa56dc5c8a964391aee8542e930eb2c7"><h4 class="sectiontitle">Scenario</h4><p id="admin_guide_000281__en-us_topic_0046736711_p48077445">Data between the Kafka client and the broker is transmitted in plain text. The Kafka client may be deployed in an untrusted network, exposing the transmitting data to leakage and tampering risks.</p>
</div>
<div class="section" id="admin_guide_000281__s6daaf30ddf924b25b7a3fb1cb5d0342a"><h4 class="sectiontitle">Procedure</h4><p id="admin_guide_000281__en-us_topic_0046736711_p1958995">The channel between components is not encrypted by default. You can set the following parameters to enable security channel encryption.</p>
<p id="admin_guide_000281__en-us_topic_0046736711_p17630956">Page access for setting parameters: On <span id="admin_guide_000281__text67509419010">MRS</span> Manager, click <strong id="admin_guide_000281__b116762030164110">Cluster</strong>, click the name of the desired cluster, and choose <strong id="admin_guide_000281__b186779304417">Services</strong> &gt; <strong id="admin_guide_000281__b267815306414">Kafka</strong>. On the displayed page, click <strong id="admin_guide_000281__b8678330134114">Configuration</strong> and click <strong id="admin_guide_000281__b14679123004112">All Configurations</strong>. Enter a parameter name in the search box.</p>
<div class="note" id="admin_guide_000281__en-us_topic_0046736711_note24460881"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="admin_guide_000281__en-us_topic_0046736711_p18821337">After the configuration, restart the corresponding service for the settings to take effect.</p>
</div></div>
<p id="admin_guide_000281__en-us_topic_0046736711_p35174311"><a href="#admin_guide_000281__en-us_topic_0046736711_d0e28839">Table 1</a> describes the parameters related to transmission encryption on the Kafka server.</p>
<div class="tablenoborder"><a name="admin_guide_000281__en-us_topic_0046736711_d0e28839"></a><a name="en-us_topic_0046736711_d0e28839"></a><table cellpadding="4" cellspacing="0" summary="" id="admin_guide_000281__en-us_topic_0046736711_d0e28839" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters relevant to Kafka data encryption during transmission</caption><thead align="left"><tr id="admin_guide_000281__en-us_topic_0046736711_row21883847"><th align="left" class="cellrowborder" valign="top" width="35.71%" id="mcps1.3.2.6.2.4.1.1"><p id="admin_guide_000281__en-us_topic_0046736711_p27761143">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="37.760000000000005%" id="mcps1.3.2.6.2.4.1.2"><p id="admin_guide_000281__en-us_topic_0046736711_p34060083">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="26.530000000000005%" id="mcps1.3.2.6.2.4.1.3"><p id="admin_guide_000281__en-us_topic_0046736711_p7403364">Default Value</p>
</th>
</tr>
</thead>
<tbody><tr id="admin_guide_000281__en-us_topic_0046736711_row62801650"><td class="cellrowborder" valign="top" width="35.71%" headers="mcps1.3.2.6.2.4.1.1 "><p id="admin_guide_000281__en-us_topic_0046736711_p53768900">ssl.mode.enable</p>
</td>
<td class="cellrowborder" valign="top" width="37.760000000000005%" headers="mcps1.3.2.6.2.4.1.2 "><p id="admin_guide_000281__en-us_topic_0046736711_p60313667">Indicates whether to enable the Secure Sockets Layer (SSL) protocol. If this parameter is set to <strong id="admin_guide_000281__b70141538733948">true</strong>, services relevant to the SSL protocol are started during the broker startup.</p>
</td>
<td class="cellrowborder" valign="top" width="26.530000000000005%" headers="mcps1.3.2.6.2.4.1.3 "><p id="admin_guide_000281__en-us_topic_0046736711_p53568854">false</p>
</td>
</tr>
<tr id="admin_guide_000281__en-us_topic_0046736711_row12357643"><td class="cellrowborder" valign="top" width="35.71%" headers="mcps1.3.2.6.2.4.1.1 "><p id="admin_guide_000281__en-us_topic_0046736711_p61445016">security.inter.broker.protocol</p>
</td>
<td class="cellrowborder" valign="top" width="37.760000000000005%" headers="mcps1.3.2.6.2.4.1.2 "><p id="admin_guide_000281__en-us_topic_0046736711_p10990381">Indicates communication protocol between brokers. The communication protocol can be PLAINTEXT, SSL, SASL_PLAINTEXT, or SASL_SSL.</p>
</td>
<td class="cellrowborder" valign="top" width="26.530000000000005%" headers="mcps1.3.2.6.2.4.1.3 "><p id="admin_guide_000281__en-us_topic_0046736711_p17805683">SASL_PLAINTEXT</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="admin_guide_000281__en-us_topic_0046736711_p26033424">The SSL protocol can be configured for the server or client to encrypt transmission and communication only after <strong id="admin_guide_000281__b206748539533948">ssl.mode.enable</strong> is set to <strong id="admin_guide_000281__b58280287333948">true</strong> and broker enables the <strong id="admin_guide_000281__b48865071433948">SSL</strong> and <strong id="admin_guide_000281__b91830561433948">SASL_SSL</strong> protocols.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000271.html">Security Hardening</a></div>
</div>
</div>
View Git Blame Copy Permalink