AnsweredAssumed Answered

Difference between volume "wire encryption" and core "wire-level encryption"?

Question asked by reedv on Feb 21, 2018
Latest reply on Feb 22, 2018 by deborah

In the mapr6.0 MCS, when creating a volume, there is an option to select "wire encryption" for the volume (no info blurb is provided), the mapr docs (volume create) about volume creation say that this setting is for overriding wire-security settings at the file level (implying some higher global file level encryption setting that can be turned on).

Then, there is another piece of documentation (Enabling Wire-level Security) that talks about enabling wire level security, though this seems like its at a different level (ie. saying: "Don't just turn on wire-encryption on a per volume basis, but for the entire cluster."). Is this correct? Basically my questions are:

 

1. Are the wire encryption settings in the MCS volume creator and configure.sh script with the -secure -genkeys (which are used the the other documentation I reference) referring to the same thing, expect the later applies at a global level?

2. The docs seem to indicate that volume level wire encryption set in the MCS does not take affect if the cluster is not already "secured". What does this mean and how would I check that my cluster is secured (users need to generate tickets to communicate with hadoop and use passwords to log into the MCS, if that's what it means)?

3. What is the purpose of encryption the traffic between nodes and what is being encryption in the first place? Is it for things like the volume container resyncs (just going off the logic of 'why would wire-encryption be settable on per volume basis specifically')? 

 

Thanks.

Outcomes