[jira] [Commented] (HDDS-1041) Support TDE(Transparent Data Encryption) for Ozone

Fri, 15 Feb 2019 20:49:21 -0800 


    [ 
https://issues.apache.org/jira/browse/HDDS-1041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16770007#comment-16770007
 ] 

Xiaoyu Yao commented on HDDS-1041:
----------------------------------

Upload patch v4 that fixed checkstyle and the failure in 
TestResultCodes.codeMapping.

 

Other three failures seem from HDDS-981. Will open separate ticket for the fix.

> Support TDE(Transparent Data Encryption) for Ozone
> --------------------------------------------------
>
>                 Key: HDDS-1041
>                 URL: https://issues.apache.org/jira/browse/HDDS-1041
>             Project: Hadoop Distributed Data Store
>          Issue Type: New Feature
>          Components: Security
>            Reporter: Xiaoyu Yao
>            Assignee: Xiaoyu Yao
>            Priority: Major
>         Attachments: HDDS-1041.001.patch, HDDS-1041.002.patch, 
> HDDS-1041.003.patch, HDDS-1041.004.patch, Ozone Encryption At-Rest - 
> V2019.2.7.pdf, Ozone Encryption At-Rest v2019.2.1.pdf
>
>
> Currently ozone saves data unencrypted on datanode, this ticket is opened to 
> support TDE(Transparent Data Encryption) for Ozone to meet the requirement of 
> use cases that need protection of sensitive data.
> The table below summarize the comparison of HDFS TDE and Ozone TDE: 
>  
> |*HDFS*|*Ozone*|
> |Encryption zone created at directory level.
>  All files created within the encryption zone will be encryption.|Encryption 
> enabled at Bucket level.
>  All objects created within the encrypted bucket will be encrypted.|
> |Encryption zone created with ZK(Zone Key)|Encrypted Bucket created with 
> BEK(Bucket Encryption Key)|
> |Per File Encryption  
>  * File encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with ZK as EDEK by KMS and persisted as extended 
> attributes.|Per Object Encryption
>  * Object encrypted with DEK(Data Encryption Key)
>  * DEK is encrypted with BEK as EDEK by KMS and persisted as object metadata.|
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org

Reply via email to