Navigator Encrypt 3.11.0
Encrypt ALL the data in your cluster
High-performance encryption for metadata, temp files, ingest paths and log files within Hadoop. Complements HDFS encryption for comprehensive protection of the cluster.
This software is available to enterprise customers who are licensed for Navigator use.
- System Requirements
- What's New
- Documentation
System Requirements
Operating System Requirements
- Linux kernel 2.6.19 or higher (RHEL and CentOS can use 2.6.18-92 or higher)
- RHEL and CentOS: 5.7, 5.10, 6.4, 6.5, 6.6, 6.7, 7.1, 7.2, 7.3
- Oracle Enterprise Linux (Red Hat Compatible Kernel): 6.4, 6.5, 6.6, 6.7, 7.1, 7.2
- Oracle Enterprise Linux (Unbreakable Enterprise Kernel 2 or 3): 6.5
- SLES: 11 SP2, 11 SP3, 11 SP4, 12 SP1Note: SLES 11 does not support the ext4 filesystem.
- Debian: 7.1, 7.8
- Ubuntu: 12.04, 14.04, 14.04.3
Important: With the exception of Cloudera Navigator Encrypt, Cloudera Enterprise is supported on platforms with Security-Enhanced Linux (SELinux) enabled. However, policies need to be provided by other parties or created by the administrator of the cluster deployment. Cloudera is not responsible for policy support nor policy enforcement, nor for any issues with them. If you experience issues with SELinux, contact your OS support provider.
Supported command-line interpreters:
- sh (Bourne)
- bash (Bash)
- dash (Debian)
Note: Navigator Encrypt does not support installation or use in chroot environments.
SELinux Requirements
SELinux must be disabled for Key Trustee installation and operation. Modify /etc/selinux/config to set SELINUX=disabled and reboot the system for the change to take effect.
Network Requirements
For new Navigator Key Trustee Server (5.4.0 and higher) installations, Navigator Encrypt initiates TCP traffic over port 11371 (HTTPS) to the Key Trustee Server.
For upgrades and Key Trustee Server versions lower than 5.4.0, Navigator Encrypt initiates TCP traffic over ports 80 (HTTP) and 443 (HTTPS) to the Navigator Key Trustee Server.
Internet Access
You must have an active connection to the Internet to download many package dependencies, unless you have internal repositories or mirrors containing the dependent packages.
Maintenance Window
Data is not accessible during the encryption process. Plan for system downtime during installation and configuration.
Administrative Access
To enforce a high level of security, all Navigator Encrypt commands require administrative (root) access (including installation and configuration). If you do not have administrative privileges on your server, contact your system administrator before proceeding.
Package Dependencies
Navigator Encrypt requires these packages, which are resolved by your distribution package manager during installation:
- dkms
- keyutils
- ecryptfs-utils
- libkeytrustee
- navencrypt-kernel-module
- openssl
- lsof
- gcc
- cryptsetup
These packages may have other dependencies that are also resolved by your package manager. Installation works with gcc, gcc3, and gcc4.
What's New
Documentation
Related Downloads
Navigator Key Trustee Server
Enterprise-grade key management, storing keys for HDFS encryption and Navigator Encrypt. Required prerequisite for all 3 of the related encryption downloads.
Navigator Key Trustee KMS
Connects HDFS Encryption to Navigator Key Trustee Server for production-ready key storage.
Navigator Key HSM
Integrates Navigator Key Trustee to existing Hardware Security Modules (HSMs), providing an (optional) additional layer of security.
Want to Get Involved or Learn More?
Check out our other resources
Cloudera Community
Collaborate with your peers, industry experts, and Clouderans to make the most of your investment in Hadoop.
Cloudera Educational Services
Receive expert Hadoop training through Cloudera Educational Services, the industry's only truly dynamic Hadoop training curriculum that’s updated regularly to reflect the state of the art in big data.