[ https://issues.apache.org/jira/browse/HDDS-1041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16758863#comment-16758863 ]
Yiqun Lin commented on HDDS-1041:
---------------------------------

Hi [~xyao], is this feature planned to target version 0.4? I didn't see this planned in the Ozone roadmap.

> Support TDE(Transparent Data Encryption) for Ozone
> --------------------------------------------------
>
>                 Key: HDDS-1041
>                 URL: https://issues.apache.org/jira/browse/HDDS-1041
>             Project: Hadoop Distributed Data Store
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>         Attachments: Ozone Encryption At-Rest v2019.2.1.pdf
>
>
> Currently Ozone saves data unencrypted on the datanode. This ticket is opened to
> support TDE (Transparent Data Encryption) for Ozone to meet the requirements of
> use cases that need protection of sensitive data.
> The table below summarizes the comparison of HDFS TDE and Ozone TDE:
>
> |*HDFS*|*Ozone*|
> |Encryption zone created at directory level.
> All files created within the encryption zone will be encrypted.|Encryption enabled at Bucket level.
> All objects created within the encrypted bucket will be encrypted.|
> |Encryption zone created with ZK (Zone Key)|Encrypted Bucket created with BEK (Bucket Encryption Key)|
> |Per File Encryption
> * File encrypted with DEK (Data Encryption Key)
> * DEK is encrypted with ZK as EDEK by KMS and persisted as extended attributes.|Per Object Encryption
> * Object encrypted with DEK (Data Encryption Key)
> * DEK is encrypted with BEK as EDEK by KMS and persisted as object metadata.|
>
>

--
This message was sent by Atlassian JIRA (v7.6.3#76005)