检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Encrypt and store them in configuration files or environment variables and decrypt them when needed. // The password is stored in environment variables for identity authentication.
Encrypt passwords before transferring them, and do not transfer them via email. Encrypt passwords for storage. Remind enterprise users to change passwords during system handover. Change passwords periodically.
You can replace the default certificates of a cluster according to the following guidance: The MRS CA certificate is used to encrypt data during the communication between the client and the server of a component to ensure communication security.
SSL_ENABLE ALL true Whether to encrypt the channel between the client and server using SSL Click Save. Click the Instance tab. Select the corresponding instance and choose More > Restart Instance to make the configuration take effect. Parent topic: IoTDB O&M Management
Encrypt and store them in configuration files or environment variables and decrypt them when needed. // The password is stored in environment variables for identity authentication.
Run the following command to switch the directory: cd fusioninsight-flume-Flume component version number/bin Run the following command to encrypt information: ./genPwFile.sh Input the information that you want to encrypt twice.
You can configure the AES and SM4 (also called SMS4) algorithms to encrypt them. Data Transmission Security In an MRS cluster, HTTPS encryption is supported for access over web channels.
Run the following command to switch the directory: cd fusioninsight-flume-Flume component version number/bin Run the following command to encrypt information: ./genPwFile.sh Input the information that you want to encrypt twice.
To encrypt them, perform the operations provided in this topic. Setting the HFile and WAL encryption mode to SMS4 or AES has a great impact on the system and will cause data loss in case of any misoperation. You are not advised to perform this operation.
Data Disk Key Name Name of the key used to encrypt data disks. The used keys can be managed on the KMS console. Data Disk Key ID ID of the key used to encrypt data disks. Component Version Version of each component installed in the cluster.
After receiving the TGT request, the Kerberos service resolves parameters in the request to generate a TGT, and uses the key of the username specified by the client to encrypt the response.
There are three encryption modes. authentication: This is the default value in normal mode. In this mode, data is directly transmitted without encryption after being authenticated.
FTP does not encrypt data, which may cause security risks. Therefore, SFTP is recommended. This section applies only to MRS 3.x or later. Log in to the active management node as user omm. Perform this operation only on the active management node.
NOTE: Run the following command to encrypt the password as the user who installs the client. When the encryption tool runs for the first time, a random dynamic key is automatically generated and stored in .loader-tools.key.
After receiving the TGT request, the Kerberos service resolves parameters in the request to generate a TGT, and uses the key of the username specified by the client to encrypt the response.
NOTE: The default value is 3des, indicating that 3DES algorithm is used to encrypt data. The value can also be set to rc4.
The encryption tool uses this dynamic key to encrypt passwords every time.
If you want to use the OBS encryption function, follow instructions in Using OBS to Encrypt Data for Running Jobs to configure related information and call an API to run a job.
Replacing an HA Certificate HA certificates are used to encrypt the communication between active/standby processes and HA processes to ensure the communication security.
SASL_PLAINTEXT The SSL protocol can be configured for the server or client to encrypt transmission and communication only after ssl.mode.enable is set to true and broker enables the SSL and SASL_SSL protocols. Parent topic: MRS Cluster Security Hardening
