OneFS 8.2 introduces support for Apache® Hadoop® Distributed File System (HDFS) Transparent Data Encryption (TDE), providing end-to-end encryption between HDFS clients and a PowerScale cluster. HDFS TDE is configured in OneFS through encryption zones, where data is transparently encrypted and decrypted as it is written and read. For more information about HDFS TDE for OneFS, see the blog post.
SyncIQ does not support replication of the TDE domain and keys. If a SyncIQ policy on the source cluster is configured to include an HDFS TDE directory, the encrypted data is replicated to the target cluster. However, the encrypted data is not accessible on the target cluster, because the target cluster is missing the metadata stored in the IFS domain that clients need to decrypt the data. TDE ensures that the data is encrypted before it is stored on the source cluster. TDE also stores the mapping to the keys required to decrypt the data, but not the actual keys. Because neither the TDE domain nor the keys are replicated, the encrypted data on the target cluster is inaccessible.
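Because a policy that covers a TDE directory replicates data the target cannot decrypt, it helps to know which policies are affected before relying on them for failover. The following is an added example, not part of the OneFS documentation or tooling: it compares policy source paths against encryption zone paths. All policy names and paths are constructed, and the `root`/`excludes` fields are a simplified, assumed model of a policy's source root and excluded directories.

```python
from pathlib import PurePosixPath

def _within(path, ancestor):
    """True if `path` equals `ancestor` or lies beneath it (component-wise)."""
    p, a = PurePosixPath(path), PurePosixPath(ancestor)
    return p == a or a in p.parents

def tde_zones_in_policy(root, excludes, zones):
    """Return the encryption zones whose data this policy would replicate."""
    hits = []
    for zone in zones:
        if _within(root, zone):
            # Policy root is the zone itself or a subdirectory of it:
            # everything the policy copies is TDE-encrypted.
            hits.append(zone)
        elif _within(zone, root) and not any(_within(zone, e) for e in excludes):
            # Zone sits below the policy root and no exclude covers it.
            hits.append(zone)
    return hits

def audit(policies, zones):
    """Map each affected policy name to the zones it overlaps."""
    report = {}
    for name, policy in policies.items():
        hits = tde_zones_in_policy(policy["root"], policy.get("excludes", []), zones)
        if hits:
            report[name] = hits
    return report

# Constructed sample data (hypothetical paths and policy names).
ZONES = ["/ifs/data/hadoop/secure", "/ifs/data/hadoop/pii"]
POLICIES = {
    # Covers both zones, but explicitly excludes one of them.
    "hadoop-dr": {"root": "/ifs/data/hadoop", "excludes": ["/ifs/data/hadoop/pii"]},
    # Rooted inside a zone.
    "secure-logs": {"root": "/ifs/data/hadoop/secure/logs"},
    # Shares a string prefix with a zone but is a different directory.
    "lookalike": {"root": "/ifs/data/hadoop/secure2"},
    "home": {"root": "/ifs/home"},
}

if __name__ == "__main__":
    for name, zones in audit(POLICIES, ZONES).items():
        print(f"{name}: replicates TDE data from {', '.join(zones)}")
```

Paths are compared by component rather than by string prefix, so `/ifs/data/hadoop/secure2` is not mistaken for a directory inside `/ifs/data/hadoop/secure`.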