Reply
Highlighted
New Contributor
Posts: 2
Registered: ‎09-23-2015

No multi-tenancy support for HSM?

Looking at extending our multi-tenant CDH with Navigator Key Trustee server with HSM for additional encryption.

While with both Safenet Luna and Thales we can use partitions - there seems no way for configuring this with Cloudera Navigator KeyHSM to support multi-tenancy.

 

The idea is similar to how AWS supports this with their CloudHSM - where tenant can control their own keys as they have the security officer SO role, and AWS has the appliance user AU role.

 

Is there anything in Cloudera which allows providing this sort of functionality for the multi-tenants - where they can manage their own keys?

 

Went through all the docs here: https://www.cloudera.com/documentation/enterprise/5-9-x/topics/key_hsm_setup.html but couldn't find anything on multi-tenancy. 

 

#security #hsm #multi-tenancy

New Contributor
Posts: 2
Registered: ‎09-23-2015

Re: No multi-tenancy support for HSM?

25-Oct-2017 update: 

Our Cloudera technical contact confirmed that as of now only 1 physical HSM ( 2 in HA option) is supported (1 partition for Gemalto, 1 security world for Thales) thus ruling out multi-tenancy.

Announcements
New solutions