HDFS Transparent Encryption, KMS Proxy Servers, and Key Trustee Server Frequently Asked Questions (FAQ) (Doc ID 2291836.1)

Last updated on NOVEMBER 04, 2019

Applies to:

Big Data Appliance Integrated Software - Version 4.7.0 and later
Linux x86-64

Purpose

This document provides answers to frequently asked questions on HDFS transparent encryption, KMS Proxy Servers, and Key Trustee Servers.

 

Questions and Answers


In this Document
Purpose
Questions and Answers
 What is the recommended way to enable HDFS Transparent Encryption?
 What if you want to enable HDFS Transparent Encryption after upgrading the BDA?
 What exactly is the Key Trustee Server vs the Key Trustee KMS Proxy?
 Does it matter what OS is used for the edge nodes to back KMS Proxy Servers/Key Trustee Servers?
 Does this mean that it is possible to have an edge node for KMS Proxy Servers/Key Trustee Servers running RHEL?
 Is there any problem having both Key Trustee Servers and KMS Proxy Servers off the BDA?
 In the case of KMS Proxy Servers or Key Trustee Servers on an edge node can they be updated by Mammoth?
 If HDFS Transparent Encryption was not enabled with Mammoth then by default will either the Key Trustee Servers or KMS Proxy Servers be upgraded by Mammoth?
 What happens to Key Trustee Servers set up off the BDA during BDA 4.9 upgrade?
 If Key Trustee Servers are set up off the BDA, when should they be manually upgraded? Would this be before or after the rest of the cluster?
 What happens to Key Trustee Servers set up on the BDA but not set up on the BDA by Mammoth during BDA 4.9 upgrade?
 What happens to KMS Proxy Servers set up on the BDA but not set up on the BDA by Mammoth during BDA 4.9 upgrade?
 If KMS Proxy Servers and Key Trustee Servers have been installed on BDA nodes but not by Mammoth, will that impact upgrade?
 If Key Trustee Servers and KMS Proxy Servers are set up on the BDA outside of Mammoth, is there ever a chance they can be upgraded by Mammoth?
 If Key Trustee Servers are configured manually outside of Mammoth should ACTIVE_KEY_TRUSTEE_SERVER and PASSIVE_KEY_TRUSTEE_SERVER use FQDNs?
 What are the recommendations on backing up Key Trustee Servers?
 Are there any details on how to back up Key Trustee Servers and KMS Proxy Servers?
References
