Apache Hadoop clusters with secure transfer storage accounts in Azure HDInsight
The Secure transfer required feature enhances the security of your Azure Storage account by enforcing all requests to your account through a secure connection. This feature and the wasbs scheme are only supported by HDInsight cluster version 3.6 or newer.
Important
Enabling secure storage transfer after creating a cluster can result in errors using your storage account and is not recommended. It is better to create a new cluster using a storage account with secure transfer already enabled.
Storage accounts
Azure portal
By default, the secure transfer required property is enabled when you create a storage account in Azure portal.
To update an existing storage account with Azure portal, see Require secure transfer with Azure portal.
PowerShell
For the PowerShell cmdlet New-AzStorageAccount, ensure parameter -EnableHttpsTrafficOnly is set to 1.
To update an existing storage account with PowerShell, see Require secure transfer with PowerShell.
Azure CLI
For the Azure CLI command az storage account create, ensure parameter --https-only is set to true.
To update an existing storage account with Azure CLI, see Require secure transfer with Azure CLI.
Add additional storage accounts
There are several options to add additional secure transfer enabled storage accounts:
- Modify the Azure Resource Manager template in the last section.
- Create a cluster using the Azure portal and specify linked storage account.
- Use script action to add additional secure transfer enabled storage accounts to an existing HDInsight cluster. For more information, see Add additional storage accounts to HDInsight.
Next steps
- The use of Azure Storage (WASB) instead of Apache Hadoop HDFS as the default data store
- For information on how HDInsight uses Azure Storage, see Use Azure Storage with HDInsight.
- For information on how to upload data to HDInsight, see Upload data to HDInsight.