Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Can Voltage or Safenet be used as an Alternative Key Mangement Store for Transparent Data Encryption (TDE)

avatar
author-rank amcbarnett
Guru

Created ‎10-21-2015 10:04 PM

Can I use Voltage or Safenet / Key Secure as the Key Management Solution for the Encrypted Zone Keys needed for Transparent Data Encryption.

3,311 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank amcbarnett
Guru

Created ‎10-21-2015 10:14 PM

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

View solution in original post

2,078 Views
4 REPLIES 4

avatar
author-rank amcbarnett
Guru

Created ‎10-21-2015 10:14 PM

KeySecure key management platform has different mechanisms for integration

  • their own Network Attached Encryption (NAE) API and
  • the OASIS-standards based Key Management Interoperability Protocol (KMIP) API,

each of which can either be used directly and/or optionally fronted with either SOAP or REST web services interfaces.

Voltage offers an alternate KMS to Ranger KMS, and Voltage KMS also works with HDFS encryption. Voltage KMS works on a stateless key management but they can also work with a Hardware Software Modules (HSM) like Safenet.

SAfenet is a hardware security module. Ranger KMS would have to be configured with a proxy to store the Encryption Zone Keys (EZK) in Safenet instead of a database. Voltage KMS is the only solution so far for this.

So long and short, Voltage is an alternative KMS to Ranger KMS.

Saftenet cannot be used as a direct alternative to Ranger KMS because it is a HSM and it would need a proxy software or a KMS in between.

2,079 Views

avatar
author-rank nsabharwal
Master Mentor

Created ‎10-21-2015 11:58 PM

@amcbarnett@hortonworks.com

2,078 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎10-22-2015 12:00 AM

@amcbarnett@hortonworks.com

Yes

Voltage

Safenet-inc

2,078 Views
0 Kudos

avatar
author-rank karl_funk
New Contributor

Created ‎09-05-2016 02:39 PM

As of HDP 2.5 Safenet Luna is supported...

https://cwiki.apache.org/confluence/display/RANGER/Ranger+KMS+Luna+HSM+Support

2,078 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements