How to Enable/Disable Network Encryption on Oracle Big Data Appliance V4.2 and Higher (Doc ID 2086478.1)

Last updated on JULY 07, 2022

Applies to:

Purpose

The document provides steps and prerequisites for enabling Hadoop network encryption on Oracle Big Data Appliance v4.2.0 and higher with Mammoth.

As background there are 2 separate network encryption options:

1. hdfs_encrypted_data_transport:
This encryption option provides encryption of HDFS data transport between DataNodes and clients, and among DataNodes. Kerberos is required. It applies to HDFS data only.

2. hadoop_network_encryption:
This encryption option provides HTTPS encryption and Kerberos authentication for HDFS and YARN, and also enables encrypted web shuffling for YARN. Data spills to non-HFDS disk storage from Spark shuffle, MapReduce intermediate files, map and reduce operations, and Impala SQL are also encrypted. Basically this option encrypts all network traffic except HDFS data transport.

This note refers specifically to Hadoop network encryption and does not cover enabling encryption of HDFS data transport between DataNodes and clients, and among DataNodes which requires using a different bdacli command to enable it.  The command is:  "bdacli enable hdfs_encrypted_data_transport".

To enable Hadoop network encryption:

On BDA 4.2 use: "bdacli enable network_encryption".

Post BDA 4.2 use: "bdacli enable hadoop_network_encryption".

This MOS note uses: "bdacli enable hadoop_network_encryption".

Scope

 This document will be used by Oracle ACS, Oracle Support, and System Administrators for the Oracle Big Data Appliance.

Details

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.