09-28-2017 06:54 AM
Looking at extending our multi-tenant CDH with Navigator Key Trustee server with HSM for additional encryption.
While with both SafeNet Luna and Thales we can use partitions, there seems to be no way of configuring this with Cloudera Navigator KeyHSM to support multi-tenancy.
The idea is similar to how AWS supports this with their CloudHSM, where the tenant can control their own keys as they have the security officer (SO) role, and AWS has the appliance user (AU) role.
Is there anything in Cloudera which allows providing this sort of functionality for the multi-tenants - where they can manage their own keys?
Went through all the docs here: https://www.cloudera.com/documentation/enterprise/5-9-x/topics/key_hsm_setup.html but couldn't find anything on multi-tenancy.
#security #hsm #multi-tenancy
10-25-2017 08:43 AM
Our Cloudera technical contact confirmed that as of now only 1 physical HSM (2 in HA option) is supported (1 partition for Gemalto, 1 security world for Thales), thus ruling out multi-tenancy.