Network Encryption Configuration
This section documents encryption configurations for each type of network communication in Ozone.
Hadoop RPC
Ozone traffic may be transferred via Hadoop RPC for client-to-OM (Ozone Manager) communication. To encrypt client-OM communication, set hadoop.rpc.protection to privacy in your core-site.xml. This ensures that all data exchanged over Hadoop RPC is encrypted.
gRPC TLS
Ozone traffic may be transferred via gRPC (e.g., Ratis write pipeline or client reading blocks from Datanode). To enable TLS for gRPC traffic, set hdds.grpc.tls.enabled to true. This encrypts communication between Ozone services that use gRPC.
Web UI HTTPS
Ozone exposes multiple Web UIs (OM, SCM, Datanode, HttpFS, Recon, S3 Gateway). This page describes how to enable HTTPS for these Web UIs and how to configure optional mutual TLS (mTLS) using server and client certificates.