Help Center/ MapReduce Service/ User Guide (Ankara Region)/ FusionInsight Manager Operation Guide/ Security Management/ Security Hardening/ Configuring HetuEngine Data Encryption During Transmission
Updated on 2024-11-29 GMT+08:00
View PDF
Share

Configuring HetuEngine Data Encryption During Transmission

Scenario

This section describes how to configure HTTPS encryption for communication between nodes in a cluster and configure a whitelist for accessing HSConsole to enhance security.

You are advised to use the secure HTTPS protocol. Risks exist if you use an insecure protocol.

Procedure

  1. Log in to FusionInsight Manager and choose Cluster > Services > HetuEngine. Click Configurations then All Configurations. Enter the parameter name in the search box.

    After the configuration, restart the corresponding service for the settings to take effect.

    Table 1 Security configuration

    Parameter

    Description

    Default Value

    internal-communication.https.required

    Whether communication between nodes in a cluster requires HTTPS encryption. If this option is enabled, the query performance may deteriorate.

    true

    NOTE:

    If this parameter is set to false, http-server.http.enabled must be enabled.

    referer.whitelist

    Whitelist of web request headers that are allowed to access the HSconsole. Use semicolons (;) to separate multiple whitelists, for example, "https://192.168.1.2:25000:*;https://192.168.1.3:25001:*".

    N/A

    http-server.https.enabled

    Whether to enable HTTPS access for HetuEngine Computer Cluster.

    true

    NOTICE:

    If it is set to false, the HTTP protocol is used, please ensure that HetuEngine Compute Instance works in secure context.

Parent topic: Security Hardening