Configuring Encryption in Cloudera Manager
The goal of encryption is to ensure that only authorized users can view, use, or contribute to a data set. These security controls add another layer of protection against potential threats by end-users, administrators and other malicious actors on the network.
Encryption can be applied to encrypt data just before it gets sent across a network and to decrypt it as soon as it is received. In Hadoop this means coverage for data sent from client user interfaces as well as service-to-service communication like remote procedure calls (RPCs). This protection is available now on virtually all transmissions within the Hadoop ecosystem using industry-standard protocols such as SSL/TLS.
Cloudera recommends you secure a cluster using Kerberos before you enable SSL encryption. The topics in this section will walk you through creating and deploying certificates and keystores/truststores and some common certificate provisioning strategies. Make sure you have deployed certificates and keystores on the cluster before you enable SSL for the core Hadoop services (HDFS, MapReduce and YARN).