Help Center/ MapReduce Service/ User Guide/ MRS Cluster O&M/ MRS Cluster Security Configuration/ MRS Cluster Security Hardening/ Configuring Spark Data Encryption During Transmission
Updated on 2024-09-23 GMT+08:00
View PDF
Share

Configuring Spark Data Encryption During Transmission

Scenario

This section describes how to configure encryption for Spark security channels.

This topic is available for MRS 3.x or later.

Configuring Spark Data Encryption During Transmission

To modify parameters, log in to Manager, choose Cluster > Services > Spark, click Configurations then All Configurations, and enter a parameter name in the search box.

After the configuration, restart the corresponding service for the settings to take effect.

Table 1 Parameters

Parameter

Description

Default Value

spark.authenticate

Whether to enable Spark internal security authentication

Security mode: true

Normal mode: false

spark.authenticate.enableSaslEncryption

Whether to enable encrypted communication based on Simple Authentication and Security Layer (SASL).

Security mode: true

Normal mode: false

spark.network.crypto.enabled

Whether to enable RPC encryption based on Advanced Encryption Standard (AES)

Security mode: true

Normal mode: false

spark.network.sasl.serverAlwaysEncrypt

Whether to disable unencrypted connections for ports with SASL authentication enabled

false

spark.network.crypto.keyLength

Length of the encryption key to be generated

256

spark.network.crypto.keyFactoryAlgorithm

Algorithm used to generate the encryption key

PBKDF2WithHmacSHA1

spark.io.encryption.enabled

Whether to enable local disk I/O encryption.

Security mode: true

Normal mode: false

spark.io.encryption.keygen.algorithm

Algorithm used to generate the I/O encryption key

HmacSHA256

spark.io.encryption.keySizeBits

Size of an I/O encryption key, in bits

256

spark.ssl.ui.enabled

Whether to enable Secure Sockets Layer (SSL) authentication for the web UI connection

Security mode: true

Normal mode: false