[ 
https://issues.apache.org/jira/browse/HDDS-1041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiaoyu Yao updated HDDS-1041:
-----------------------------
    Attachment: HDDS-1041.003.patch

> Support TDE(Transparent Data Encryption) for Ozone
> --------------------------------------------------
>
>                 Key: HDDS-1041
>                 URL: https://issues.apache.org/jira/browse/HDDS-1041
>             Project: Hadoop Distributed Data Store
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>         Attachments: HDDS-1041.001.patch, HDDS-1041.002.patch, 
> HDDS-1041.003.patch, Ozone Encryption At-Rest - V2019.2.7.pdf, Ozone 
> Encryption At-Rest v2019.2.1.pdf
>
>
> Currently Ozone saves data unencrypted on the datanode. This ticket is opened to 
> support TDE (Transparent Data Encryption) for Ozone to meet the requirements of 
> use cases that need protection of sensitive data.
> The table below summarizes the comparison of HDFS TDE and Ozone TDE: 
>  
> |*HDFS*|*Ozone*|
> |Encryption zone created at directory level. All files created within the encryption zone will be encrypted.|Encryption enabled at Bucket level. All objects created within the encrypted bucket will be encrypted.|
> |Encryption zone created with ZK (Zone Key)|Encrypted Bucket created with BEK (Bucket Encryption Key)|
> |Per File Encryption: File encrypted with DEK (Data Encryption Key); DEK is encrypted with ZK as EDEK by KMS and persisted as extended attributes.|Per Object Encryption: Object encrypted with DEK (Data Encryption Key); DEK is encrypted with BEK as EDEK by KMS and persisted as object metadata.|
>  
>  


