How to Configure Encrypted Transport for HBase Data

This topic describes how to configure encrypted HBase data transport using Cloudera Manager and the command line.

Configuring Encrypted HBase Data Transport Using Cloudera Manager

Minimum Required Role: Full Administrator

To enable encryption of data transferred between HBase masters and RegionServers and between RegionServers and clients:
  1. Enable Hadoop security using Kerberos.
  2. Configure Kerberos authentication for HBase.
  3. Select the HBase service.
  4. Click the Configuration tab.
  5. Select Scope > HBase (Service Wide).
  6. Select Category > Security.
  7. Search for the HBase Transport Security property and select one of the following:
    • authentication: Enables simple authentication using Kerberos.
    • integrity: Checks the integrity of data received to ensure it was not corrupted in transit. Selecting integrity also enables authentication.
    • privacy: Ensures privacy by encrypting the data in transit using TLS/SSL encryption. Selecting privacy also enables authentication and integrity.

      Set this property to privacy to enable secure RPC transport.

  8. Click Save Changes.
  9. Restart the HDFS service.

Configuring Encrypted HBase Data Transport Using the Command Line

  1. Enable Hadoop Security using Kerberos.
  2. Enable HBase security using Kerberos.
  3. Enable RPC encryption by setting hbase.rpc.protection in the hbase-site.xml file to one of the following:
    • authentication: Enables simple authentication using Kerberos.
    • integrity: Checks the integrity of data received to ensure it was not corrupted in transit. Selecting integrity also enables authentication.
    • privacy: Ensures privacy by encrypting the data in transit using TLS/SSL encryption. Selecting privacy also enables authentication and integrity.

      Set this property to privacy to enable secure RPC transport.

  4. Restart all daemons.