Important: Environments running on Java 8 must use JRE version 8u161 or higher.

When using an external JRE in a FIPS environment, you must integrate the Bouncy Castle FIPS jar file bundled with the installer after installing the server.

Take the following steps to modify an external JRE for a FIPS environment.

Note:
  • hdp_install_dir is the installation directory of the Hybrid Data Pipeline server.
  • external_jre_home is the home directory of the external JRE.
  1. Copy the hdp_install_dir/ddcloud/utils/jre/lib/ext/bc-fips-MAJOR.MINOR.PATCH.jar file to the external_jre_home/lib/ext directory.
  2. Merge the contents of the embedded JRE hdp_install_dir/ddcloud/utils/jre/lib/security/java.policy.bcfips file into the external JRE external_jre_home/lib/security/java.policy file.
    Note:
    • Any previously made customizations to the external_jre_home/lib/security/java.policy should be preserved.
    • Any permissions for data sources in the embedded JRE java.policy.bcfips file should be carried over to the external JRE java.policy file.
  3. Merge the contents of the embedded JRE hdp_install_dir/ddcloud/utils/jre/lib/security/java.security.bcfips file into the external JRE external_jre_home/lib/security/java.security file.
    Note:
    • Any previously made customizations to the external_jre_home/lib/security/java.security should be preserved.
    • Any properties enabled in the embedded JRE java.security.bcfips file should be carried over to the external JRE java.security file.