
Amazon EMR Management Guide: Encrypt Data at Rest and in Transit

Note: To check if EBS encryption is enabled on your cluster, it is recommended that you use the DescribeVolumes API call. For more information, see DescribeVolumes. Running lsblk on the cluster only checks the status of LUKS encryption, not EBS encryption.

Encryption in Transit

Several encryption mechanisms are enabled with in-transit encryption. These are open-source features, are application-specific, and may vary by Amazon EMR release. The following application-specific encryption features can be enabled using security configurations:

• Hadoop (for more information, see Hadoop in Secure Mode in the Apache Hadoop documentation):
  • Hadoop MapReduce Encrypted Shuffle uses TLS.
  • Secure Hadoop RPC is set to "Privacy" and uses SASL (activated in Amazon EMR when at-rest encryption is enabled).
  • Data encryption on HDFS block data transfer uses AES 256 (activated in Amazon EMR when at-rest encryption is enabled in the security configuration).
• HBase: When Kerberos is enabled, the hbase.rpc.protection property is set to privacy for encrypted communication. For more information, see Client-side Configuration for Secure Operation in the Apache HBase documentation. For more information about Kerberos with Amazon EMR, see Use Kerberos Authentication (p. 215).
• Presto: Internal communication between Presto nodes uses SSL/TLS (Amazon EMR version 5.6.0 and later only).
• Tez: Tez Shuffle Handler uses TLS (tez.runtime.ssl.enable).
• Spark (for more information, see Spark security settings):
  • Internal RPC communication between Spark components, such as the block transfer service and the external shuffle service, is encrypted using the AES-256 cipher in Amazon EMR versions 5.9.0 and later. In earlier releases, internal RPC communication is encrypted using SASL with DIGEST-MD5 as the cipher.
  • HTTP protocol communication with user interfaces such as Spark History Server and HTTPS-enabled file servers is encrypted using Spark's SSL configuration. For more information, see SSL Configuration in the Spark documentation.

You specify the encryption artifacts used for in-transit encryption in one of two ways: either by providing a zipped file of certificates that you upload to Amazon S3, or by referencing a custom Java class that provides encryption artifacts. For more information, see Providing Certificates for Encrypting Data in Transit with Amazon EMR Encryption (p. 171).

Create Keys and Certificates for Data Encryption

Before you specify encryption options using a security configuration, decide on the provider you want to use for keys and encryption artifacts. For example, you can use AWS KMS or a custom provider that you create. Next, create the keys or key provider as described in this section.
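The note above says to verify EBS encryption through DescribeVolumes rather than lsblk. The following script is an added example (not from the guide) that does exactly that: the offline helper unencrypted_volumes() inspects a DescribeVolumes response, and check_cluster() is the live path that resolves a cluster's EC2 instances via EMR ListInstances and then calls DescribeVolumes. It assumes boto3 is installed and AWS credentials are configured for the live path; the sample response is constructed here.

```python
"""Verify EBS encryption on an EMR cluster's volumes via DescribeVolumes.

Added example, not from the Amazon EMR Management Guide. The live path
assumes boto3 and configured AWS credentials; the parsing helper runs
offline on a constructed DescribeVolumes response.
"""
from typing import Dict, List, Tuple


def unencrypted_volumes(response: Dict) -> List[Tuple[str, str]]:
    """Return (volume_id, instance_id) for every volume whose EBS
    'Encrypted' flag is false in a DescribeVolumes response page."""
    findings = []
    for vol in response.get("Volumes", []):
        if vol.get("Encrypted", False):
            continue  # EBS encryption is on for this volume
        attached = [a.get("InstanceId", "") for a in vol.get("Attachments", [])]
        findings.append((vol["VolumeId"], attached[0] if attached else "unattached"))
    return findings


def check_cluster(cluster_id: str, region: str) -> List[Tuple[str, str]]:
    """Live path: EMR ListInstances -> EC2 DescribeVolumes, as the guide
    recommends (lsblk on a node would only reveal LUKS state)."""
    import boto3  # lazy import so the offline helper needs no AWS SDK
    emr = boto3.client("emr", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    instance_ids: List[str] = []
    for page in emr.get_paginator("list_instances").paginate(ClusterId=cluster_id):
        instance_ids += [i["Ec2InstanceId"] for i in page["Instances"]]
    if not instance_ids:
        return []  # nothing to inspect (e.g. cluster already terminated)
    findings: List[Tuple[str, str]] = []
    for page in ec2.get_paginator("describe_volumes").paginate(
            Filters=[{"Name": "attachment.instance-id", "Values": instance_ids}]):
        findings += unencrypted_volumes(page)
    return findings


# Constructed sample in the shape of an EC2 DescribeVolumes response;
# the IDs are made up for this example.
SAMPLE_RESPONSE = {
    "Volumes": [
        {"VolumeId": "vol-0aaa", "Encrypted": True,
         "Attachments": [{"InstanceId": "i-0111"}]},
        {"VolumeId": "vol-0bbb", "Encrypted": False,
         "Attachments": [{"InstanceId": "i-0222"}]},
        {"VolumeId": "vol-0ccc", "Encrypted": False, "Attachments": []},
    ]
}

if __name__ == "__main__":
    for vol_id, inst in unencrypted_volumes(SAMPLE_RESPONSE):
        print(f"EBS encryption OFF: {vol_id} on {inst}")
```

A non-empty result from check_cluster() means at least one cluster volume lacks EBS encryption regardless of what lsblk reports about LUKS.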