Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Setting up Cloudera Navigator Encrypt

Labels:
avatar
author-rank ahansen
Explorer

Created ‎07-18-2017 10:55 AM

We are looking into setting up Cloudera Navigator Encrypt to properly encrpyt some Kudu data that we have. Most pieces with the Encrypt install seem pretty straight forward, however I have a few questions.

 

-Does Encrypt need to be installed on all of the hosts that will have the encrypted data?

 

-Since we are going to be encrypting multiple Kudu disks, is it best to create an LVM with all of the disks so a single mount point can then be encrypted?

 

Thanks. 

2,685 Views
0 Kudos
0
2 ACCEPTED SOLUTIONS

avatar
author-rank ahansen
Explorer

Created ‎08-08-2017 11:53 AM

For anyone that stumbles upon this same issue I'll porived some details.

 

-Encrypt goes onto every machine that will have data which needs to be encrypted. In our case that is the kudu masters and tablets.

 

-LVM was setup and mounted through Navencrypt. With 3 replicas setup we were ok with the fact of losing a tablet server entirely, should a disk fail. 

View solution in original post

2,625 Views
0 Kudos
0

avatar
author-rank mjarnold
Rising Star

Created ‎04-16-2018 07:46 AM

In Hadoop and Kafka, one normally would not use RAID or LVM for data disks. Instead each disk has a partition that consumes the entire disk and a filesystem is written to that partition.

In the case of NavEnc, after partitioning, each disk is first encrypted and then has the filesystem written on top of the encrypted volume.

Tying together multiple disks into one large filesystem is the opposite of what Kafka or Hadoop expect you to do and you lose out on the advantages of parallelism.

View solution in original post

2,354 Views
0 Kudos
0
2 REPLIES 2

avatar
author-rank ahansen
Explorer

Created ‎08-08-2017 11:53 AM

For anyone that stumbles upon this same issue I'll porived some details.

 

-Encrypt goes onto every machine that will have data which needs to be encrypted. In our case that is the kudu masters and tablets.

 

-LVM was setup and mounted through Navencrypt. With 3 replicas setup we were ok with the fact of losing a tablet server entirely, should a disk fail. 

2,626 Views
0 Kudos
0

avatar
author-rank mjarnold
Rising Star

Created ‎04-16-2018 07:46 AM

In Hadoop and Kafka, one normally would not use RAID or LVM for data disks. Instead each disk has a partition that consumes the entire disk and a filesystem is written to that partition.

In the case of NavEnc, after partitioning, each disk is first encrypted and then has the filesystem written on top of the encrypted volume.

Tying together multiple disks into one large filesystem is the opposite of what Kafka or Hadoop expect you to do and you lose out on the advantages of parallelism.
2,355 Views
0 Kudos
0
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements