hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anu Engineer (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDDS-1041) Support TDE(Transparent Data Encryption) for Ozone
Date Sat, 16 Feb 2019 18:34:01 GMT

     [ https://issues.apache.org/jira/browse/HDDS-1041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Anu Engineer updated HDDS-1041:
-------------------------------
       Resolution: Fixed
    Fix Version/s: 0.4.0
           Status: Resolved  (was: Patch Available)

Thank you for the contribution. I have committed this to the trunk.

> Support TDE(Transparent Data Encryption) for Ozone
> --------------------------------------------------
>
>                 Key: HDDS-1041
>                 URL: https://issues.apache.org/jira/browse/HDDS-1041
>             Project: Hadoop Distributed Data Store
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>             Fix For: 0.4.0
>
>         Attachments: HDDS-1041.001.patch, HDDS-1041.002.patch, HDDS-1041.003.patch, HDDS-1041.004.patch,
Ozone Encryption At-Rest - V2019.2.7.pdf, Ozone Encryption At-Rest v2019.2.1.pdf
>
>
> Currently ozone saves data unencrypted on datanode, this ticket is opened to support TDE(Transparent
Data Encryption) for Ozone to meet the requirement of use cases that need protection of sensitive
data.
> The table below summarize the comparison of HDFS TDE and Ozone TDE: 
>  
> |*HDFS*|*Ozone*|
> |Encryption zone created at directory level.
>  All files created within the encryption zone will be encryption.|Encryption enabled
at Bucket level.
>  All objects created within the encrypted bucket will be encrypted.|
> |Encryption zone created with ZK(Zone Key)|Encrypted Bucket created with BEK(Bucket Encryption
Key)|
> |Per File Encryption  
>  * File encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with ZK as EDEK by KMS and persisted as extended attributes.|Per Object
Encryption
>  * Object encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with BEK as EDEK by KMS and persisted as object metadata.|
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message