Reply
Explorer
Posts: 6
Registered: ‎08-15-2016
Accepted Solution

Setting up Cloudera Navigator Encrypt

We are looking into setting up Cloudera Navigator Encrypt to properly encrpyt some Kudu data that we have. Most pieces with the Encrypt install seem pretty straight forward, however I have a few questions.

 

-Does Encrypt need to be installed on all of the hosts that will have the encrypted data?

 

-Since we are going to be encrypting multiple Kudu disks, is it best to create an LVM with all of the disks so a single mount point can then be encrypted?

 

Thanks. 

Explorer
Posts: 6
Registered: ‎08-15-2016

Re: Setting up Cloudera Navigator Encrypt

For anyone that stumbles upon this same issue I'll porived some details.

 

-Encrypt goes onto every machine that will have data which needs to be encrypted. In our case that is the kudu masters and tablets.

 

-LVM was setup and mounted through Navencrypt. With 3 replicas setup we were ok with the fact of losing a tablet server entirely, should a disk fail. 

Highlighted
Contributor
Posts: 27
Registered: ‎10-27-2015

Re: Setting up Cloudera Navigator Encrypt

In Hadoop and Kafka, one normally would not use RAID or LVM for data disks. Instead each disk has a partition that consumes the entire disk and a filesystem is written to that partition.

In the case of NavEnc, after partitioning, each disk is first encrypted and then has the filesystem written on top of the encrypted volume.

Tying together multiple disks into one large filesystem is the opposite of what Kafka or Hadoop expect you to do and you lose out on the advantages of parallelism.
Announcements