Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

avatar
author-rank amcbarnett
Guru

Created ‎10-21-2015 10:04 PM

Can I use Voltage or Safenet / Key Secure as the Key Management Solution for the Encrypted Zone Keys needed for Transparent Data Encryption.

4,762 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank amcbarnett
Guru

Created ‎10-21-2015 10:14 PM

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

View solution in original post

3,529 Views
4 REPLIES 4

avatar
author-rank amcbarnett
Guru

Created ‎10-21-2015 10:14 PM

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

3,530 Views

avatar
author-rank nsabharwal
Master Mentor

Created ‎10-21-2015 11:58 PM

@amcbarnett@hortonworks.com

3,529 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎10-22-2015 12:00 AM

@amcbarnett@hortonworks.com

Yes

Voltage

Safenet-inc

3,529 Views
0 Kudos

avatar
author-rank karl_funk
New Member

Created ‎09-05-2016 02:39 PM

As of HDP 2.5 Safenet Luna is supported...

https://cwiki.apache.org/confluence/display/RANGER/Ranger+KMS+Luna+HSM+Support

3,529 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements