Setting up Cloudera Navigator Encrypt

Explorer

We are looking into setting up Cloudera Navigator Encrypt to properly encrypt some Kudu data that we have. Most pieces with the Encrypt install seem pretty straightforward; however, I have a few questions.

- Does Encrypt need to be installed on all of the hosts that will have the encrypted data?

- Since we are going to be encrypting multiple Kudu disks, is it best to create an LVM with all of the disks so a single mount point can then be encrypted?

Thanks.

2 ACCEPTED SOLUTIONS

Explorer

For anyone that stumbles upon this same issue, I'll provide some details.

- Encrypt goes onto every machine that will have data which needs to be encrypted. In our case that is the Kudu masters and tablets.

- LVM was set up and mounted through Navencrypt. With 3 replicas set up, we were OK with the fact of losing a tablet server entirely, should a disk fail.


Rising Star
In Hadoop and Kafka, one normally would not use RAID or LVM for data disks. Instead each disk has a partition that consumes the entire disk and a filesystem is written to that partition.

In the case of NavEnc, after partitioning, each disk is first encrypted and then has the filesystem written on top of the encrypted volume.

Tying together multiple disks into one large filesystem is the opposite of what Kafka or Hadoop expect you to do and you lose out on the advantages of parallelism.
