Home > Storage > PowerScale (Isilon) > Product Documentation > Data Protection > Dell PowerScale SmartSync > Hadoop Transparent Data Encryption
Apache Hadoop Distributed File System (HDFS) Transparent Data Encryption (TDE) provides end-to-end encryption between HDFS clients and a PowerScale cluster. HDFS TDE is configured in OneFS through encryption zones, where data is transparently encrypted and decrypted as data is read and written. For more information about HDFS TDE for OneFS, see the Using Transparent Data Encryption with Isilon HDFS white paper.
SmartSync does not support the replication of the TDE domain and keys. On the source cluster, if a SmartSync policy is configured to include an HDFS TDE directory, the encrypted data is replicated to the target cluster. However, on the target cluster, the encrypted data is not accessible because the target cluster is missing the metadata that is stored in the IFS domain for clients to decrypt the data. TDE ensures that the data is encrypted before it is stored on the source cluster. Also, TDE stores the mapping to the keys required to decrypt the data, but not the actual keys, making the encrypted data on the target cluster inaccessible.