Wire Encryption

Wire encryption provides confidentiality and privacy to two parties communicating over a public network. The two parties may also need to prove their identity to each other: authentication is the process of proving identity.

In Dremio, Transport Layer Security (TLS), previously called Secure Sockets Layer (SSL), is the protocol used to establish an encrypted communication channel between two parties.

Dremio supports the following TLS wire encryption methods:

  • Full Wire Encryption - Enables all TLS communication.
  • Web Server Encryption - Enables HTTPS on Dremio's web server.
  • ODBC/JDBC Client Encryption - Enables TLS communication between ODBC / JDBC clients and the Dremio server.
  • Intracluster Encryption - Enables TLS communication between nodes in a Dremio cluster.

[info] Permissions

The file permissions on the keystore, truststore, and dremio.conf files must be set correctly.

  • keystore permission: 0440
  • truststore permission: 0444
  • dremio.conf file permission: 0444
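
The following audit script is an added example, not part of the Dremio documentation: it checks the three files against the modes listed above and reports any that are missing or too permissive. The function names are hypothetical, and the file paths are supplied by the caller because this page does not state where the files live.

```shell
#!/bin/sh
# Added example: verify keystore, truststore and dremio.conf modes.
# Usage: ./audit.sh <keystore> <truststore> <dremio.conf>

# Print the octal permission bits of a file, following symlinks.
# Tries GNU stat first, then falls back to BSD stat.
file_mode() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# check_mode PATH EXPECTED: return 0 if PATH exists with mode EXPECTED.
check_mode() {
    path=$1
    want=${2#0}        # stat prints 440, not 0440
    if [ ! -f "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    got=$(file_mode "$path")
    if [ "$got" != "$want" ]; then
        echo "BADMODE  $path: is $got, expected $want"
        return 1
    fi
    echo "OK       $path ($got)"
}

# Check all three files; return non-zero if any check fails.
audit_dremio_tls_files() {
    keystore=$1
    truststore=$2
    conf=$3
    rc=0
    check_mode "$keystore"   0440 || rc=1
    check_mode "$truststore" 0444 || rc=1
    check_mode "$conf"       0444 || rc=1
    return $rc
}

# Run the audit only when invoked with the three paths.
if [ "$#" -eq 3 ]; then
    audit_dremio_tls_files "$@"
fi
```

Run it on every coordinator and executor node after editing dremio.conf; a non-zero exit status means at least one file needs `chmod`.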

Full Wire Encryption (Enterprise Edition only)

Full wire encryption uses the same keystore and truststore to configure Dremio for all web server, client-server, and intracluster communication.

Encryption is configured via the dremio.conf file. The dremio.conf file must be modified on all of your Dremio coordinator and executor nodes in the cluster.

[info] Full Wire encryption is an Enterprise Edition feature only.

Web Server Encryption

Web server encryption specifies that the Dremio web server use HTTPS. Encryption is configured by setting the keyStore and trustStore properties in the dremio.conf file on all of your Dremio coordinator nodes.

[warning] WARNING: Using a self-signed certificate in production is not recommended for security reasons. Most browsers will also warn you if Dremio's web server is configured with a self-signed certificate.

ODBC/JDBC Client Encryption (Enterprise Edition only)

ODBC/JDBC client encryption specifies that Transport Layer Security (TLS) communication occurs between the ODBC/JDBC client applications and the Dremio server.

[info] ODBC/JDBC encryption is an Enterprise Edition feature only.

[warning] Not Supported Notice

The Microsoft Power BI Desktop client application is not supported.

Intracluster Encryption (Enterprise Edition only)

Intracluster encryption specifies that Transport Layer Security (TLS) communication occurs between Dremio nodes in a cluster. This communication is between coordinator-coordinator, coordinator-executor, and executor-executor nodes.

[info] Intracluster encryption is an Enterprise Edition feature only.

Encryption is configured by setting the keyStore and trustStore properties in the dremio.conf file on all of your Dremio coordinator and executor nodes.

For More Information

