Home > Storage > PowerScale (Isilon) > Product Documentation > Data Protection > Dell PowerScale SyncIQ: Architecture, Configuration, and Considerations > SyncIQ and Hadoop Transparent Data Encryption
OneFS 8.2 introduces support for Apache Hadoop Distributed File System (HDFS) Transparent Data Encryption (TDE), providing end-to-end encryption between HDFS clients and a PowerScale cluster. HDFS TDE is configured in OneFS through encryption zones where data is transparently encrypted and decrypted as data is read and written. For more information about HDFS TDE for OneFS, see the blog post Using HDFS TDE with PowerScale OneFS.
SyncIQ does not support the replication of the TDE domain and keys. Therefore, on the source cluster, if a SyncIQ policy is configured to include an HDFS TDE directory, the encrypted data is replicated to the target cluster. However, on the target cluster, the encrypted data is not accessible as the target cluster is missing the metadata that is stored in the IFS domain for clients to decrypt the data. TDE ensures that the data is encrypted before it is stored on the source cluster. Also, TDE stores the mapping to the keys required to decrypt the data, but not the actual keys, making the encrypted data on the target cluster inaccessible.