Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

HBase end-to-end over the wire encryption

avatar
Master Mentor

Need to know about:

  • 1.communication between RS can be encrypted
  • 2.hbase client to ZK
  • 3.phoenix jdbc client connection encryption
  • 4. within ZK znodes, is there any customer information that needs to be protected
1 ACCEPTED SOLUTION

avatar
Super Guru
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
5 REPLIES 5

avatar
Super Guru
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login

avatar

#3.. In this case flume is connecting to HBase via Phoenix JDBC. So the question is if we need to do something for the JDBC connection to secure with SSL..

avatar
Super Guru

@Ancil McBarnett

Looking at the documentation, the way I understand it is, that Phoenix JDBC driver uses HBase RPC mechanism and like @Josh Elser noted, that's already covered in the secure client side configuration. See this link and notice how JDBC client is actually connected to Zookeeper.

https://streever.atlassian.net/wiki/display/HADOOP/Phoenix+JDBC+Client+Setup

avatar
Super Guru

@Ancil McBarnett HBase doesn't use SSL to protect RPCs

avatar
Guru

ZooKeeper has SSL with Netty. But I am not sure it is tested well. https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide

@Josh, in case of HBase tokens, I think they are stored in ZK. Can this be a concern?