Enabling Encryption of Ephemeral Data in QDS Clusters

Azure

See Encryption for Data at Rest on Azure.

AWS

You can encrypt the data at rest on the cluster nodes’ ephemeral (local) storage. This includes HDFS and any intermediate output generated by Hadoop. Block device encryption is set up on the local devices before the node joins the cluster; this can increase the time it takes to bring up and upscale the cluster.

• To enable encryption in the QDS UI, navigate to the Clusters page and click the edit button to bring up the Edit Cluster page. Choose the Advanced Configuration tab and check the Enable Encryption box below Security Settings.
• To enable encryption of ephemeral data via the cluster REST API, follow instructions under security_settings.