This is the documentation for Cloudera Enterprise 5.8.x. Documentation for other versions is available at Cloudera Documentation.

Configuring Encrypted HBase Data Transport

This topic describes how to configure encrypted HBase data transport using Cloudera Manager and the command line.

Configuring Encrypted HBase Data Transport Using Cloudera Manager

Minimum Required Role: Full Administrator

To enable encryption of data transferred between HBase masters and RegionServers and between RegionServers and clients:
  1. Enable Hadoop security using Kerberos.
  2. Configure Kerberos authentication for HBase.
  3. Select the HBase service.
  4. Click the Configuration tab.
  5. Select Scope > HBase (Service Wide).
  6. Select Category > Security.
  7. Search for the HBase Transport Security property and select one of the following:
    • authentication: Enables simple authentication using Kerberos.
    • integrity: Checks the integrity of data received to ensure it was not corrupted in transit. Selecting integrity also enables authentication.
    • privacy: Ensures privacy by encrypting the data in transit using TLS/SSL encryption. Selecting privacy also enables authentication and integrity.

      Set this property to privacy to enable secure RPC transport.

  8. Click Save Changes.
  9. Restart the HDFS service.

Configuring Encrypted HBase Data Transport Using the Command Line

  Important:
  • You can use either Cloudera Manager or the following command-line instructions to complete this configuration.
  • This information applies specifically to CDH 5.8.x. If you use an earlier version of CDH, see the documentation for that version located at Cloudera Documentation.

  1. Enable Hadoop Security using Kerberos.
  2. Enable HBase security using Kerberos.
  3. Enable RPC encryption by setting hbase.rpc.protection in the hbase-site.xml file to one of the following:
    • authentication: Enables simple authentication using Kerberos.
    • integrity: Checks the integrity of data received to ensure it was not corrupted in transit. Selecting integrity also enables authentication.
    • privacy: Ensures privacy by encrypting the data in transit using TLS/SSL encryption. Selecting privacy also enables authentication and integrity.

      Set this property to privacy to enable secure RPC transport.

  4. Restart all daemons.
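
The following Python script is an added example, not part of the Cloudera documentation: it audits an hbase-site.xml for the setting from step 3 and reports any value that leaves RPC traffic unencrypted. The sample file is constructed, the function names are hypothetical, and treating hbase.security.authentication = kerberos as the indicator for step 2 is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample hbase-site.xml (not taken from a real cluster).
SAMPLE_HBASE_SITE = """<?xml version="1.0"?>
<configuration>
  <property>
    <name>hbase.security.authentication</name>
    <value>kerberos</value>
  </property>
  <property>
    <name>hbase.rpc.protection</name>
    <value>integrity</value>
  </property>
</configuration>
"""

# Protection levels listed in step 3, weakest to strongest.
LEVELS = ("authentication", "integrity", "privacy")


def load_properties(xml_text):
    """Return {name: value} from Hadoop-style <configuration> XML."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def audit_rpc_protection(xml_text):
    """Return a list of findings; an empty list means privacy is configured."""
    props = load_properties(xml_text)
    findings = []
    # Assumption: step 2 (Kerberos for HBase) shows up as this property.
    if props.get("hbase.security.authentication", "").lower() != "kerberos":
        findings.append("hbase.security.authentication is not kerberos")
    level = props.get("hbase.rpc.protection")
    if level is None:
        findings.append("hbase.rpc.protection is not set")
    elif level.lower() not in LEVELS:
        findings.append("hbase.rpc.protection has unknown value %r" % level)
    elif level.lower() != "privacy":
        findings.append("hbase.rpc.protection is %r: RPC payloads are not encrypted" % level)
    return findings


if __name__ == "__main__":
    for finding in audit_rpc_protection(SAMPLE_HBASE_SITE):
        print("FINDING:", finding)
```

Run the same check against the hbase-site.xml used by clients as well as the one on the masters and RegionServers, since the setting covers traffic between RegionServers and clients.
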
Page generated July 8, 2016.