Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.
Solved Go to solution

Setting up Cloudera Navigator Encrypt

Labels:
ahansen
Explorer

Created ‎07-18-2017 10:55 AM

We are looking into setting up Cloudera Navigator Encrypt to properly encrpyt some Kudu data that we have. Most pieces with the Encrypt install seem pretty straight forward, however I have a few questions.

 

-Does Encrypt need to be installed on all of the hosts that will have the encrypted data?

 

-Since we are going to be encrypting multiple Kudu disks, is it best to create an LVM with all of the disks so a single mount point can then be encrypted?

 

Thanks. 

1,763 Views
0 Kudos
2 ACCEPTED SOLUTIONS

ahansen
Explorer

Created ‎08-08-2017 11:53 AM

For anyone that stumbles upon this same issue I'll porived some details.

 

-Encrypt goes onto every machine that will have data which needs to be encrypted. In our case that is the kudu masters and tablets.

 

-LVM was setup and mounted through Navencrypt. With 3 replicas setup we were ok with the fact of losing a tablet server entirely, should a disk fail. 

View solution in original post

1,703 Views
0 Kudos

mjarnold
Contributor

Created ‎04-16-2018 07:46 AM

In Hadoop and Kafka, one normally would not use RAID or LVM for data disks. Instead each disk has a partition that consumes the entire disk and a filesystem is written to that partition.

In the case of NavEnc, after partitioning, each disk is first encrypted and then has the filesystem written on top of the encrypted volume.

Tying together multiple disks into one large filesystem is the opposite of what Kafka or Hadoop expect you to do and you lose out on the advantages of parallelism.

View solution in original post

1,432 Views
0 Kudos
2 REPLIES 2

ahansen
Explorer

Created ‎08-08-2017 11:53 AM

For anyone that stumbles upon this same issue I'll porived some details.

 

-Encrypt goes onto every machine that will have data which needs to be encrypted. In our case that is the kudu masters and tablets.

 

-LVM was setup and mounted through Navencrypt. With 3 replicas setup we were ok with the fact of losing a tablet server entirely, should a disk fail. 

1,704 Views
0 Kudos

mjarnold
Contributor

Created ‎04-16-2018 07:46 AM

In Hadoop and Kafka, one normally would not use RAID or LVM for data disks. Instead each disk has a partition that consumes the entire disk and a filesystem is written to that partition.

In the case of NavEnc, after partitioning, each disk is first encrypted and then has the filesystem written on top of the encrypted volume.

Tying together multiple disks into one large filesystem is the opposite of what Kafka or Hadoop expect you to do and you lose out on the advantages of parallelism.
1,433 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud: May 2023 Release Summary
What's New @ Cloudera
Cloudera Operational Database (COD) provides enhancements to the --scale-type CDP CLI option
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
View More Announcements