Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDFS Data at Rest Encryption

HDFS Data at Rest Encryption

Please help me to understand the below questions:

  1. Is it mandatory to use HSM for implementing data at rest in the production environment?
  2. When we write files into the encryption zone, there is an EDEK generated for each file by the KMS, is KMS not able to handle the burden?
  3. Is scalability the only issue with KMS or there are any other problems that we might run into while using KMS for Data at Rest Encryption?
  4. Can hive read and write data into an encryption zone without any configuration changes? What about the other AD users/Zepplin who have access to reports build on hive?
  5. The encryption zones need to be created with hdfs admin account and not the hdfs service account which is created during the cluster setup. What if the service user has access to the dfsadmin?

Thanks In Advance!!

Sandeep Pandita


Don't have an account?
Coming from Hortonworks? Activate your account here