Expert Contributor
Posts: 68
Registered: ‎10-04-2016

Navigator KTS serves multiple clusters with their own KMS proxy

Is it possible to use KTS cluster to serve multiple Hadoop clusters?

Expert Contributor
Posts: 68
Registered: ‎10-04-2016

Re: Navigator KTS serves multiple clusters with their own KMS proxy

From the KTS architecture, I see no reason it cannot serve multiple clusters. All it does is provide the KeyProvider client API for clients to call, and the clients can be from anywhere. Could anyone at Cloudera confirm?

Explorer
Posts: 17
Registered: ‎11-03-2016

Re: Navigator KTS serves multiple clusters with their own KMS proxy

Hi,

As per the documentation and architecture, you can use a KTS server which can be managed outside the cluster. So I believe you can use one KTS cluster to manage multiple Hadoop clusters. I'm going to test this setup in a couple of weeks (I will update this thread), but this is possible as far as I remember. Answers from the Cloudera team will be appreciated.

Cheers

Nagaraj C

 

 

Cloudera Employee
Posts: 42
Registered: ‎08-16-2016

Re: Navigator KTS serves multiple clusters with their own KMS proxy

I would not recommend this setup for a couple of reasons.

  1. You will have keys for multiple clusters in a single server. If for some reason your KTS machine goes down, then your keys at both locations are inaccessible.
  2. If you are using it for two different clusters, then the problem is that if one of your KTS machines is compromised, the data in both is compromised.

If you are trying this in a dev/qa cluster, it is not such a huge worry. But do take into consideration the different security and administrative aspects of sharing a Key Trustee Server.
