phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ash N <742...@gmail.com>
Subject Re: SSL Phoenix
Date Fri, 24 Nov 2017 17:19:29 GMT
Josh,

Thank you for your quick response.

The data is sensitive personal data of customers.  Everything needs to be
encrypted and secure.  In - wire, on-wire, in-motion, at rest, everything.
Our solution was to use SSL/TLS everywhere.  Our development team reported
that Phoenix does not support SSL. Therefore this is a big problem.

Based on the above statements,  if you have additional ideas, I will gladly
take them,
if you have additional input please do provide.  I unfortunately have very
limited to no knowledge on security.  So this becomes a challenge area for
me.

Meanwhile,  I will look up the link you have provided and will continue to
do research on this topic.

thanks,
-ash

On Fri, Nov 24, 2017 at 12:11 PM, Josh Elser <elserj@apache.org> wrote:

> Why do you have a hard-requirement on using SSL?
>
> HBase itself does not use SSL to provide confidentiality on its wire
> communication, it relies on jGSS and SASL to implement this security. Under
> the hood, this actually boils down to using GSSAPI, Kerberos specifically,
> to implement privacy (e.g. aes256-cts-hmac-sha1-96).
>
> Take a look at https://hbase.apache.org/book.
> html#_server_side_configuration_for_secure_operation. Phoenix executes
> all of its RPCs over HBase RPCs, so if you have HBase set up correctly,
> Phoenix will follow.
>
> If you want to introduce the Phoenix Query Server into your architecture,
> you can place it behind an SSL/TLS proxy server (or configure PQS directly
> with SSL/TLS using a sufficiently new version of Phoenix). This would be
> the only way I know of to "use Phoenix with SSL", but, in my experience,
> this is rarely what people actually want when they say this ;)
>
> Disclaimer: I have no idea how any of this translates to EMR :)
>
>
> On 11/24/17 12:01 PM, Ash N wrote:
>
>> Hello All,
>>
>> Thank you for the great work the team is doing on Phoenix.
>>
>> Summary :  does Phoenix support SSL connection in Amazon EMR Cluster?
>>
>> We are running Phoenix on EMR cluster in Amazon. We have a need to
>> connect to Phoenix over SSL.  I don't see much documentation around this
>> topic anywhere also I saw a couple of jira tickets that did not provide
>> enough help or direction on this topic.
>>
>> If Phoenix does not support SSL connections what are my options?
>>
>> Starting off six months ago,  we assumed this should not be an issue.
>> Now we are in big trouble.
>>
>> All and any help is greatly appreciated.
>>
>> Thanks
>> Ash
>>
>

Mime
View raw message