phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <els...@apache.org>
Subject Re: SSL Phoenix
Date Fri, 24 Nov 2017 17:11:55 GMT
Why do you have a hard-requirement on using SSL?

HBase itself does not use SSL to provide confidentiality on its wire 
communication, it relies on jGSS and SASL to implement this security. 
Under the hood, this actually boils down to using GSSAPI, Kerberos 
specifically, to implement privacy (e.g. aes256-cts-hmac-sha1-96).

Take a look at 
https://hbase.apache.org/book.html#_server_side_configuration_for_secure_operation. 
Phoenix executes all of its RPCs over HBase RPCs, so if you have HBase 
set up correctly, Phoenix will follow.

If you want to introduce the Phoenix Query Server into your 
architecture, you can place it behind an SSL/TLS proxy server (or 
configure PQS directly with SSL/TLS using a sufficiently new version of 
Phoenix). This would be the only way I know of to "use Phoenix with 
SSL", but, in my experience, this is rarely what people actually want 
when they say this ;)

Disclaimer: I have no idea how any of this translates to EMR :)

On 11/24/17 12:01 PM, Ash N wrote:
> Hello All,
> 
> Thank you for the great work the team is doing on Phoenix.
> 
> Summary :  does Phoenix support SSL connection in Amazon EMR Cluster?
> 
> We are running Phoenix on EMR cluster in Amazon. We have a need to 
> connect to Phoenix over SSL.  I don't see much documentation around this 
> topic anywhere also I saw a couple of jira tickets that did not provide 
> enough help or direction on this topic.
> 
> If Phoenix does not support SSL connections what are my options?
> 
> Starting off six months ago,  we assumed this should not be an issue.  
> Now we are in big trouble.
> 
> All and any help is greatly appreciated.
> 
> Thanks
> Ash

Mime
View raw message