Why do you have a hard-requirement on using SSL?
HBase itself does not use SSL to provide confidentiality on its wire
communication, it relies on jGSS and SASL to implement this security.
Under the hood, this actually boils down to using GSSAPI, Kerberos
specifically, to implement privacy (e.g. aes256-cts-hmac-sha1-96).
Take a look at
https://hbase.apache.org/book.html#_server_side_configuration_for_secure_operation.
Phoenix executes all of its RPCs over HBase RPCs, so if you have HBase
set up correctly, Phoenix will follow.
If you want to introduce the Phoenix Query Server into your
architecture, you can place it behind an SSL/TLS proxy server (or
configure PQS directly with SSL/TLS using a sufficiently new version of
Phoenix). This would be the only way I know of to "use Phoenix with
SSL", but, in my experience, this is rarely what people actually want
when they say this ;)
Disclaimer: I have no idea how any of this translates to EMR :)
On 11/24/17 12:01 PM, Ash N wrote:
Hello All,
Thank you for the great work the team is doing on Phoenix.
Summary : does Phoenix support SSL connection in Amazon EMR Cluster?
We are running Phoenix on EMR cluster in Amazon. We have a need to
connect to Phoenix over SSL. I don't see much documentation around this
topic anywhere also I saw a couple of jira tickets that did not provide
enough help or direction on this topic.
If Phoenix does not support SSL connections what are my options?
Starting off six months ago, we assumed this should not be an issue.
Now we are in big trouble.
All and any help is greatly appreciated.
Thanks
Ash
