Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Navigator KTS serves multiple clusters with their own KMS proxy

Navigator KTS serves multiple clusters with their own KMS proxy

Expert Contributor

Is it possible to use KTS cluster to serve multiple Hadoop clusters?

3 REPLIES 3

Re: Navigator KTS serves multiple clusters with their own KMS proxy

Expert Contributor

From KTS architecture, I see non reason it can not serve multiple clusters. All it does is to provide KeyProvider client API for clients to call, and the clients can be from any where. Could any one in Cloudera confirm?

Highlighted

Re: Navigator KTS serves multiple clusters with their own KMS proxy

Explorer

Hi,

 

As per the documentation and architecture you can use KTS server which can managed outside the cluster.  So I believe you can use the one KTS cluster to manage multiple Hadoop clusters. I'm going to test this setup in couple of weeks (I will update this thread) but this is possible as far as I remember.  But answers from Cloudera team will be apprecaited.

 

Cheers

Nagaraj C

 

 

Re: Navigator KTS serves multiple clusters with their own KMS proxy

Rising Star

I would not recommend this setup for a couple of reasons.

  1. You will be having keys for multiple clusters in a single server. If for some reason your KTS machine goes down, then your keys at both the location are inaccessible.
  2. If you are using it for two different clusters, then the problem is incase one of your KTS machine is compromised, then the data in both are compromised.

 

If you are trying this in a dev/qa cluster, it is not such a huge worry. But do take into consideration the different security and administrative aspects of sharing a Key Trustee Server.