Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Security configuration page enables you to configure the security for the Kyvos cluster.

Hadoop Authentication Configuration
Anchor
HadoopAuthentication
HadoopAuthentication

...

Use the fields here to configure security configurations for the Hadoop cluster. 

...

Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#FFFAE6

Important

  • Local policy or US export policy jars enable Kyvos to work with secure Hadoop.

  • Due to import control restrictions for some countries, the Java Cryptography Extension (JCE) policy files shipped with the Java SE Development Kit and the Java SE Runtime Environment allow strong but limited cryptography to be used. An unlimited strength version of these files indicating no restrictions on cryptographic strengths is available on the JDK website according to the jurisdiction of your country. Those living in eligible countries may download the unlimited strength version and replace the strong cryptography jar files with the unlimited strength files.

  • For this, download the Java Cryptography Extension (JCE) file.

  • Unzip the jce_policy-8.zip file, to access the US_export_policy.jar and local_policy.jar to upload to Kyvos Manager.

Kyvos Preferences 

From the Kyvos Preferences list, select any one of the following: 

...

Parameter/Field

Comments/Description

Network Communication

Select to enable secure communication (TLS) between client and server.

  • Secured with TLS on all Kyvos Services and Kyvos Manager: Selecting this option will display the TLS configuration section.

  • Secured HTTPS on Kyvos Web Portal only: Selecting this option will display the Kyvos Web Portal Configuration and Custom Attributes for HTTPS Connector section.

  • HTTP: Selecting this option will display the HTTP Protocol option.

HTTP Protocol

Select the HTTP Protocol to use. Before enabling HTTP2, ensure that the prerequisites are completed.

TLS Protocol

Select the version for SSL/TLS protocol to be used. For multiple versions, select the corresponding check boxes. 

TLS Certificate mode

Select the certificate mode. You can upload a file or provide the path.

Keystore

Provide the location of the keystore file. This file is used by the server when secure communication is enabled and required by the client when mutual authentication is enabled.
Example: /data/KM_SNI/Certificate/keystore.jks

Keystore Private Key

Enter the keystore password.

Truststore 

Provide the location (path) to read the trust store file. This file is required by the client when secure communication is enabled and required by the server when mutual authentication is enabled.
Example: /data/KM_SNI/Certificate/truststore.jks

Truststore Private Key

Enter the truststore password.

Cipher Suite

Enter the encryption algorithm to be used for communication over the TLS layer.

Enable Mutual Authentication

Select to enable mutual authentication. 
NOTE: This option is displayed only if you have installed the Kyvos cluster using the war bundle. For other modes, Mutual authentication is enabled automatically.

Kyvos Web Portal Configuration

Certificate

Use Same Certificate as TLS: Select to use the same certificate for TLS and Web portal authentication.
Use Different Certificate: Select to use a different certificate. In this case, you will have to upload or provide the path of the Certificate and enter the Keystore path and Keystore Private Key.

HTTP2 Configuration

APR Lib Path: Provide the absolute path for Apache Portable Runtime library.

Attributes for HTTP2 over TLS connector

Here, provide values for the following parameters:

  • Connector

  • Connector.UpgradeProtocol

  • Connector.SSLHostConfig

  • Connector.SSLHostConfig.Certificate

Next: Configure Kyvos properties