Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
<a name="admin_guide_000282"></a><a name="admin_guide_000282"></a>
<h1 class="topictitle1">Configuring HDFS Data Encryption During Transmission</h1>
<div id="body1530067732204"><div class="section" id="admin_guide_000282__sfe6311ba7b3341a6b4950c8bf6fd6646"><h4 class="sectiontitle">Configuring HDFS Security Channel Encryption</h4><p id="admin_guide_000282__en-us_topic_0046736712_p5320573">The channel between components is not encrypted by default. You can set parameters to enable security channel encryption.</p>
<p id="admin_guide_000282__en-us_topic_0046736711_p17630956">Navigation path for setting parameters: On <span id="admin_guide_000282__text67509419010">MRS</span> Manager, choose <strong id="admin_guide_000282__b86734886465328">Cluster</strong> > <em id="admin_guide_000282__i79258886465328">Name of the desired cluster</em> > <strong id="admin_guide_000282__b158372762865328">Services</strong> > <strong id="admin_guide_000282__b110534275665328">HDFS</strong> > <strong id="admin_guide_000282__b174448388165328">Configurations</strong>. On the displayed page, click the <strong id="admin_guide_000282__b65574691665328">All Configurations</strong> tab. Enter a parameter name in the search box.</p>
<div class="note" id="admin_guide_000282__en-us_topic_0046736712_note28313264"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="admin_guide_000282__en-us_topic_0046736712_p53492789">After the configuration, restart the corresponding service for the settings to take effect.</p>
</div></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="admin_guide_000282__en-us_topic_0046736712_table11673056" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters</caption><thead align="left"><tr id="admin_guide_000282__en-us_topic_0046736712_row42803771"><th align="left" class="cellrowborder" valign="top" width="30.61%" id="mcps1.3.1.5.2.4.1.1"><p id="admin_guide_000282__en-us_topic_0046736712_p44553466">Configuration Item</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="46.94%" id="mcps1.3.1.5.2.4.1.2"><p id="admin_guide_000282__en-us_topic_0046736712_p52061026">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="22.45%" id="mcps1.3.1.5.2.4.1.3"><p id="admin_guide_000282__en-us_topic_0046736712_p56193562">Default Value</p>
</th>
</tr>
</thead>
<tbody><tr id="admin_guide_000282__en-us_topic_0046736712_row55384650"><td class="cellrowborder" valign="top" width="30.61%" headers="mcps1.3.1.5.2.4.1.1 "><p id="admin_guide_000282__en-us_topic_0046736712_p56971675">hadoop.rpc.protection</p>
</td>
<td class="cellrowborder" valign="top" width="46.94%" headers="mcps1.3.1.5.2.4.1.2 "><div class="notice" id="admin_guide_000282__note1537703014317"><span class="noticetitle"> NOTICE: </span><div class="noticebody"><ul id="admin_guide_000282__ul1950212178439"><li id="admin_guide_000282__li16862210104216">The setting takes effect only after the service is restarted. Rolling restart is not supported.</li><li id="admin_guide_000282__li11441336124210">After changing the setting, download the client configuration file again. Otherwise, HDFS cannot provide read and write services.</li></ul>
</div></div>
<p id="admin_guide_000282__en-us_topic_0046736712_p51302964">Indicates whether the RPC channels of each module in Hadoop are encrypted. The channels include:</p>
<ul id="admin_guide_000282__en-us_topic_0046736712_ul59073500"><li id="admin_guide_000282__en-us_topic_0046736712_li61899454">RPC channels for clients to access HDFS</li><li id="admin_guide_000282__en-us_topic_0046736712_li20224181">RPC channels between modules in HDFS, for example, between DataNode and NameNode</li><li id="admin_guide_000282__en-us_topic_0046736712_li47799905">RPC channels for clients to access Yarn</li><li id="admin_guide_000282__en-us_topic_0046736712_li27545963">RPC channels between NodeManager and ResourceManager</li><li id="admin_guide_000282__en-us_topic_0046736712_li46587076">RPC channels for Spark to access Yarn and HDFS</li><li id="admin_guide_000282__en-us_topic_0046736712_li16630501">RPC channels for MapReduce to access Yarn and HDFS</li><li id="admin_guide_000282__en-us_topic_0046736712_li15456783">RPC channels for HBase to access HDFS</li></ul>
<div class="note" id="admin_guide_000282__en-us_topic_0046736712_note4893323"><span class="notetitle"> NOTE: </span><div class="notebody"><p class="textintable" id="admin_guide_000282__p154556399431">The setting takes effect globally, that is, it applies to the RPC channels of every module in Hadoop.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.1.5.2.4.1.3 "><ul id="admin_guide_000282__ul126721846184612"><li id="admin_guide_000282__li86721946174614">Security mode: privacy</li><li id="admin_guide_000282__li87384944613">Normal mode: authentication</li></ul>
<div class="note" id="admin_guide_000282__en-us_topic_0046736712_note27061374"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="admin_guide_000282__en-us_topic_0046736712_ul42225780"><li id="admin_guide_000282__en-us_topic_0046736712_li44487706"><strong id="admin_guide_000282__b176825371029">authentication</strong>: indicates that only authentication is required.</li><li id="admin_guide_000282__en-us_topic_0046736712_li64845042"><strong id="admin_guide_000282__b61732429210">integrity</strong>: indicates that authentication and consistency check need to be performed.</li><li id="admin_guide_000282__en-us_topic_0046736712_li46734467"><strong id="admin_guide_000282__b16799155110213">privacy</strong>: indicates that authentication, consistency check, and encryption need to be performed.</li></ul>
</div></div>
</td>
</tr>
<tr id="admin_guide_000282__en-us_topic_0046736712_row17957024"><td class="cellrowborder" valign="top" width="30.61%" headers="mcps1.3.1.5.2.4.1.1 "><p id="admin_guide_000282__en-us_topic_0046736712_p45232806">dfs.encrypt.data.transfer</p>
</td>
<td class="cellrowborder" valign="top" width="46.94%" headers="mcps1.3.1.5.2.4.1.2 "><p id="admin_guide_000282__en-us_topic_0046736712_p39978669">Indicates whether the HDFS data transfer channels and the channels for clients to access HDFS are encrypted. The HDFS data transfer channels include the data transfer channels between DataNodes and the Data Transfer (DT) channels for clients to access DataNodes. The value <strong id="admin_guide_000282__b96883594565328">true</strong> indicates that the channels are encrypted. The channels are not encrypted by default.</p>
<div class="note" id="admin_guide_000282__en-us_topic_0046736712_note24263704"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="admin_guide_000282__en-us_topic_0046736712_ul17046748"><li id="admin_guide_000282__en-us_topic_0046736712_li19203011">This parameter is valid only when <strong id="admin_guide_000282__b209736969465328">hadoop.rpc.protection</strong> is set to <strong id="admin_guide_000282__b30897440065328">privacy</strong>.</li><li id="admin_guide_000282__en-us_topic_0046736712_li38609372">If a large amount of service data is transmitted, enabling encryption by default severely affects system performance.</li><li id="admin_guide_000282__li0861216125317">If data transmission encryption is configured for one cluster in a cluster trust relationship, the same data transmission encryption must be configured for the peer cluster.</li></ul>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.1.5.2.4.1.3 "><p id="admin_guide_000282__en-us_topic_0046736712_p40351445">false</p>
</td>
</tr>
<tr id="admin_guide_000282__en-us_topic_0046736712_row27618686"><td class="cellrowborder" valign="top" width="30.61%" headers="mcps1.3.1.5.2.4.1.1 "><p id="admin_guide_000282__en-us_topic_0046736712_p22521054">dfs.encrypt.data.transfer.algorithm</p>
</td>
<td class="cellrowborder" valign="top" width="46.94%" headers="mcps1.3.1.5.2.4.1.2 "><p id="admin_guide_000282__en-us_topic_0046736712_p12266058">Indicates the algorithm to encrypt the HDFS data transfer channels and the channels for clients to access HDFS. This parameter is valid only when <strong id="admin_guide_000282__b207128233565328">dfs.encrypt.data.transfer</strong> is set to <strong id="admin_guide_000282__b133453791365328">true</strong>.</p>
<div class="note" id="admin_guide_000282__en-us_topic_0046736712_note43285665"><span class="notetitle"> NOTE: </span><div class="notebody"><p class="textintable" id="admin_guide_000282__en-us_topic_0046736712_p54026667">The default value is <strong id="admin_guide_000282__b170536958565328">3des</strong>, indicating that the 3DES algorithm is used to encrypt data. The value can also be set to <strong id="admin_guide_000282__b73281265065328">rc4</strong>. However, to avoid security risks, you are advised not to set the parameter to this value.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.1.5.2.4.1.3 "><p id="admin_guide_000282__en-us_topic_0046736712_p14083945">3des</p>
</td>
</tr>
<tr id="admin_guide_000282__en-us_topic_0046736712_row59646646"><td class="cellrowborder" valign="top" width="30.61%" headers="mcps1.3.1.5.2.4.1.1 "><p id="admin_guide_000282__en-us_topic_0046736712_p66649034">dfs.encrypt.data.transfer.cipher.suites</p>
</td>
<td class="cellrowborder" valign="top" width="46.94%" headers="mcps1.3.1.5.2.4.1.2 "><p id="admin_guide_000282__en-us_topic_0046736712_p29862637">This parameter can be left empty or set to <strong id="admin_guide_000282__b195502487765328">AES/CTR/NoPadding</strong> to specify the cipher suite for data encryption. If this parameter is not specified, the encryption algorithm specified by <strong id="admin_guide_000282__b33543010965328">dfs.encrypt.data.transfer.algorithm</strong> is used for data encryption. The default value is <span class="filepath" id="admin_guide_000282__filepath5082750992652"><b>AES/CTR/NoPadding</b></span>.</p>
</td>
<td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.1.5.2.4.1.3 "><p id="admin_guide_000282__en-us_topic_0046736712_p2954570">AES/CTR/NoPadding</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
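<p>Added example (not part of the original guide or of MRS): a Python check of the dependency rules in Table 1, run against constructed core-site.xml and hdfs-site.xml content. The function names, the sample files and the <strong>security_mode</strong> flag are assumptions; defaults for absent parameters are taken from Table 1.</p>

```python
import xml.etree.ElementTree as ET

# Constructed sample files (not from a real cluster).
CORE_SITE = """<configuration>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
</configuration>"""
HDFS_SITE = """<configuration>
  <property><name>dfs.encrypt.data.transfer</name><value>true</value></property>
  <property><name>dfs.encrypt.data.transfer.algorithm</name><value>rc4</value></property>
  <property><name>dfs.encrypt.data.transfer.cipher.suites</name><value></value></property>
</configuration>"""

def load_props(*xml_docs):
    """Merge <property> name/value pairs from Hadoop *-site.xml documents."""
    props = {}
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(props, security_mode=True):
    """Return findings based on the parameter dependencies in Table 1."""
    findings = []
    # Table 1 defaults: privacy in security mode, authentication in normal mode.
    rpc = props.get("hadoop.rpc.protection",
                    "privacy" if security_mode else "authentication")
    encrypt = props.get("dfs.encrypt.data.transfer", "false").lower() == "true"
    algorithm = props.get("dfs.encrypt.data.transfer.algorithm", "3des").lower()
    suites = props.get("dfs.encrypt.data.transfer.cipher.suites", "AES/CTR/NoPadding")

    if rpc != "privacy":
        findings.append(f"RPC channels are not encrypted (hadoop.rpc.protection={rpc})")
        if encrypt:
            findings.append("dfs.encrypt.data.transfer=true is valid only when "
                            "hadoop.rpc.protection=privacy")
    if not encrypt:
        findings.append("data transfer channels are not encrypted")
    elif not suites:
        # Empty cipher suites: the algorithm parameter decides the cipher.
        findings.append(f"cipher suites empty, falling back to algorithm {algorithm}")
        if algorithm == "rc4":
            findings.append("rc4 is configured; the guide advises against this value")
    return findings

if __name__ == "__main__":
    for finding in audit(load_props(CORE_SITE, HDFS_SITE)):
        print("FINDING:", finding)
```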
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000271.html">Security Hardening</a></div>
</div>
</div>