[jira] [Commented] (HDDS-1041) Support TDE(Transparent Data Encryption) for Ozone

Tue, 05 Feb 2019 19:00:32 -0800 


    [ 
https://issues.apache.org/jira/browse/HDDS-1041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16761394#comment-16761394
 ] 

Anu Engineer commented on HDDS-1041:
------------------------------------

bq. Like the /.reserved/raw directory in HDFS. We've seen some use cases that 
requires accessing the raw data. Not sure if those use cases are applicable to 
Ozone, but thought I should bring it up.

Not today, thanks for flagging this. I will sync with you to learn more about 
this and how we can get this done in Ozone.

> Support TDE(Transparent Data Encryption) for Ozone
> --------------------------------------------------
>
>                 Key: HDDS-1041
>                 URL: https://issues.apache.org/jira/browse/HDDS-1041
>             Project: Hadoop Distributed Data Store
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>         Attachments: Ozone Encryption At-Rest v2019.2.1.pdf
>
>
> Currently ozone saves data unencrypted on datanode, this ticket is opened to 
> support TDE(Transparent Data Encryption) for Ozone to meet the requirement of 
> use cases that need protection of sensitive data.
> The table below summarize the comparison of HDFS TDE and Ozone TDE: 
>  
> |*HDFS*|*Ozone*|
> |Encryption zone created at directory level.
>  All files created within the encryption zone will be encryption.|Encryption 
> enabled at Bucket level.
>  All objects created within the encrypted bucket will be encrypted.|
> |Encryption zone created with ZK(Zone Key)|Encrypted Bucket created with 
> BEK(Bucket Encryption Key)|
> |Per File Encryption  
>  * File encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with ZK as EDEK by KMS and persisted as extended 
> attributes.|Per Object Encryption
>  * Object encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with BEK as EDEK by KMS and persisted as object metadata.|
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to