hadoop-hdfs-issues mailing list archives

From "Anu Engineer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDDS-1041) Support TDE(Transparent Data Encryption) for Ozone
Date Sat, 16 Feb 2019 18:23:00 GMT

    [ https://issues.apache.org/jira/browse/HDDS-1041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16770166#comment-16770166 ]

Anu Engineer commented on HDDS-1041:

+1, I will commit this shortly. In the long run, we might want to factor out these functions
from becoming too long. But nothing we need to do now.

> Support TDE(Transparent Data Encryption) for Ozone
> --------------------------------------------------
>                 Key: HDDS-1041
>                 URL: https://issues.apache.org/jira/browse/HDDS-1041
>             Project: Hadoop Distributed Data Store
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>         Attachments: HDDS-1041.001.patch, HDDS-1041.002.patch, HDDS-1041.003.patch, HDDS-1041.004.patch, Ozone Encryption At-Rest - V2019.2.7.pdf, Ozone Encryption At-Rest v2019.2.1.pdf
> Currently ozone saves data unencrypted on datanode, this ticket is opened to support TDE(Transparent Data Encryption) for Ozone to meet the requirement of use cases that need protection of sensitive
> The table below summarizes the comparison of HDFS TDE and Ozone TDE: 
> |*HDFS*|*Ozone*|
> |Encryption zone created at directory level.
>  All files created within the encryption zone will be encrypted.|Encryption enabled at Bucket level.
>  All objects created within the encrypted bucket will be encrypted.|
> |Encryption zone created with ZK(Zone Key)|Encrypted Bucket created with BEK(Bucket Encryption
> |Per File Encryption  
>  * File encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with ZK as EDEK by KMS and persisted as extended attributes.|Per Object
>  * Object encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with BEK as EDEK by KMS and persisted as object metadata.|
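
The key hierarchy in the quoted description (a per-object DEK wrapped by the bucket's BEK into an EDEK that is stored as object metadata), as an added sketch that is not code from the HDDS-1041 patches or from Ozone. The class name, bucket name, in-process stand-in for the KMS and the choice of AES-GCM are assumptions; the page does not say which cipher or KMS API Ozone uses.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class EnvelopeSketch {  // hypothetical name, illustration only
    static final SecureRandom RNG = new SecureRandom();

    // AES-GCM with a fresh 96-bit IV; returns IV || ciphertext+tag.
    static byte[] seal(SecretKey key, byte[] plain, byte[] aad) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(aad);
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] open(SecretKey key, byte[] sealed, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        c.updateAAD(aad);
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey bek = kg.generateKey();  // BEK: held by the stand-in KMS, never stored with data
        byte[] bucket = "vol1/secure-bucket".getBytes(StandardCharsets.UTF_8); // constructed name
        // Write path: fresh DEK per object, wrapped by the BEK into the EDEK.
        SecretKey dek = kg.generateKey();
        byte[] edek = seal(bek, dek.getEncoded(), bucket);  // persisted as object metadata
        byte[] body = seal(dek, "sensitive record".getBytes(StandardCharsets.UTF_8), edek);
        // Read path: the KMS unwraps the EDEK, then the client decrypts the object.
        SecretKey dek2 = new SecretKeySpec(open(bek, edek, bucket), "AES");
        System.out.println(new String(open(dek2, body, edek), StandardCharsets.UTF_8));
        // A modified EDEK fails authentication instead of silently yielding a wrong key.
        edek[edek.length - 1] ^= 1;
        try { open(bek, edek, bucket); } catch (AEADBadTagException e) {
            System.out.println("EDEK rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

What is stored on the datanode side is only `body` and `edek`; reading the object requires a KMS call that holds the BEK, which is where access control and audit for encrypted buckets can be enforced.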
