检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Run the following command to switch the directory: cd fusioninsight-flume-Flume component version number/bin Run the following command to encrypt information: ./genPwFile.sh Input the information that you want to encrypt twice.
Run the following command to switch the directory: cd fusioninsight-flume-Flume component version number/bin Run the following command to encrypt information: ./genPwFile.sh Input the information that you want to encrypt twice.
Replacing an HA Certificate HA certificates are used to encrypt the communication between active/standby processes and HA processes to ensure the communication security.
To encrypt them, perform the operations provided in this topic. Setting the HFile and WAL encryption mode to SMS4 or AES has a great impact on the system and will cause data loss in case of any misoperation. You are not advised to perform this operation.
If you want to use the OBS encryption function, follow instructions in Using OBS to Encrypt Data for Running Jobs to configure related information and call an API to run a job.
You can replace the default certificates of a cluster according to the following guidance: The MRS CA certificate is used to encrypt data during the communication between the client and the server of a component to ensure communication security.
Applications need to encrypt only specified sensitive data. Services are not affected during the encryption and decryption. In addition to data encryption of the file system, Hive provides column encryption (see Using the Hive Column Encryption Function).
Data Disk Key Name Name of the key used to encrypt data disks. The used keys can be managed on the KMS console. Data Disk Key ID ID of the key used to encrypt data disks. Component Version Version of each component installed in the cluster.
NOTE: The default value is 3des, indicating that 3DES algorithm is used to encrypt data. The value can also be set to rc4.
SASL_PLAINTEXT The SSL protocol can be configured for the server or client to encrypt transmission and communication only after ssl.mode.enable is set to true and broker enables the SSL and SASL_SSL protocols. Parent topic: MRS Cluster Security Hardening
Encrypt passwords before transferring them, and do not transfer them via email. Encrypt passwords for storage. Remind enterprise users to change passwords during system handover. Change passwords periodically.
There are three encryption modes. authentication: This is the default value in normal mode. In this mode, data is directly transmitted without encryption after being authenticated.
Encrypt and store them in configuration files or environment variables and decrypt them when needed. // The password is stored in environment variables for identity authentication.
Encrypt and store them in configuration files or environment variables and decrypt them when needed. // The password is stored in environment variables for identity authentication.
FTP does not encrypt data, which may cause security risks. Therefore, SFTP is recommended. This section applies only to MRS 3.x or later. Log in to the active management node as user omm. Perform this operation only on the active management node.
SSL_ENABLE ALL true Whether to encrypt the channel between the client and server using SSL Click Save. Click the Instance tab. Select the corresponding instance and choose More > Restart Instance to make the configuration take effect. Parent topic: IoTDB O&M Management
After receiving the TGT request, the Kerberos service resolves parameters in the request to generate a TGT, and uses the key of the username specified by the client to encrypt the response.
The encryption tool uses this dynamic key to encrypt passwords every time.
After receiving the TGT request, the Kerberos service resolves parameters in the request to generate a TGT, and uses the key of the username specified by the client to encrypt the response.
NOTE: Run the following command to encrypt the password as the user who installs the client. When the encryption tool runs for the first time, a random dynamic key is automatically generated and stored in .loader-tools.key.
