When you enable system disk encryption, it encrypts the operating system, program files, and other system-related data on the system disk. If your business has security and compliance requirements, you can use this feature to protect data privacy and maintain control. This provides a security boundary for your business data without requiring you to build or maintain a key management infrastructure.
Background
For more information about system disk encryption, see Cloud disk encryption.
Prerequisites
You have activated Key Management Service (KMS) and created a customer master key (CMK). For more information, see Purchase a dedicated KMS instance and Create a customer master key.
Limitations
- Encryption is supported only for Enterprise SSD (ESSD), standard SSD, and ultra disk volumes. You cannot encrypt a local disk.
- You can enable system disk encryption only when you create a cluster, not for an existing one.
Notes
Once enabled, system disk encryption cannot be disabled. Carefully consider whether to enable this feature.
Procedure
- Log on to the E-MapReduce console.
- Click Create Cluster.
- In the Basic Configuration step, click the icon in the Advanced Settings section.
- Turn on the System Disk Encryption switch and select a customer master key (CMK) from the drop-down list.
To finish creating the cluster, configure the remaining software and hardware settings, and then confirm your order. For more information, see Create a cluster.