SlideShare ist ein Scribd-Unternehmen logo

Discover Enterprise Security Features in Hortonworks Data Platform 2.1: Apache Knox

‱
‱
Hortonworks
Hortonworks

Discover enterprise security features in Hortonworks Data Platform 2.1 (HDP) with Apache Knox

Technologie
1 von 31
Downloaden Sie, um offline zu lesen
Page 1 © Hortonworks Inc. 2014 Discover HDP 2.1 New Features for Security & Apache Knox Hortonworks. We do Hadoop.
Page 2 © Hortonworks Inc. 2014 Speakers Justin Sears Hortonworks Product Marketing Manager Vinay Shukla Hortonworks Director of Product Management & owner of Hortonworks security roadmap Kevin Minder Hortonworks Engineer & Committer for Apache Knox Gateway project
Page 3 © Hortonworks Inc. 2014 Agenda ‱  Security for Hadoop REST/HTTP API – Knox Gateway ‱  HDFS Security – ACLs ‱  SQL Security – Next Generation Hive Authorization
Page 4 © Hortonworks Inc. 2014 OPERATIONS*TOOLS* Provision, Manage & Monitor DEV*&*DATA*TOOLS* Build & Test A Modern Data ArchitectureAPPLICATIONS*DATA**SYSTEM* REPOSITORIES* RDBMS* EDW* MPP* Business** Analy<cs* Custom* Applica<ons* Packaged* Applica<ons* Governance &Integration ENTERPRISE HADOOP Security Operations Data Access Data Management SOURCES* OLTP,&ERP,& CRM&Systems& Documents,&& Emails& Web&Logs,& Click&Streams& Social& Networks& Machine& Generated& Sensor& Data& GeolocaCon& Data&
Page 5 © Hortonworks Inc. 2014 HDP 2.1: Enterprise Hadoop HDP 2.1 Hortonworks Data Platform ** Provision,* Manage*&* Monitor* & Ambari& Zookeeper& Scheduling* & Oozie& Data*WorkïŹ‚ow,* Lifecycle*&* Governance* * Falcon& Sqoop& Flume& NFS& WebHDFS& YARN*:*Data*Opera<ng*System& DATA**MANAGEMENT* SECURITY*DATA**ACCESS* GOVERNANCE*&* INTEGRATION* Authen<ca<on* Authoriza<on* Accoun<ng* Data*Protec<on* & Storage:&HDFS& Resources:&YARN& Access:&Hive,&
&& Pipeline:&Falcon& Cluster:&Knox& OPERATIONS* Script* & Pig& * * Search* * Solr& * * SQL* * Hive/Tez,& HCatalog& * * NoSQL* * HBase& Accumulo& * * Stream* ** Storm& & * * Others* * InTMemory& AnalyCcs,&& ISV&engines& 1& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& N* HDFS** (Hadoop&Distributed&File&System)& Batch* * Map& Reduce& * *
Page 6 © Hortonworks Inc. 2014 HDP 2.1: Enterprise Hadoop HDP 2.1 Hortonworks Data Platform ** Provision,* Manage*&* Monitor* & Ambari& Zookeeper& Scheduling* & Oozie& Data*WorkïŹ‚ow,* Lifecycle*&* Governance* * Falcon& Sqoop& Flume& NFS& WebHDFS& YARN*:*Data*Opera<ng*System& DATA**MANAGEMENT* DATA**ACCESS* GOVERNANCE*&* INTEGRATION* OPERATIONS* Script* & Pig& * * Search* * Solr& * * SQL* * Hive/Tez,& HCatalog& * * NoSQL* * HBase& Accumulo& * * Stream* ** Storm& & * * Others* * InTMemory& AnalyCcs,&& ISV&engines& 1& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& N* HDFS** (Hadoop&Distributed&File&System)& Batch* * Map& Reduce& * * SECURITY* Authen<ca<on* Authoriza<on* Accoun<ng* Data*Protec<on* & Storage:&HDFS& Resources:&YARN& Access:&Hive,&
&& Pipeline:&Falcon& Cluster:&Knox&
Page 7 © Hortonworks Inc. 2014 Security: Rings of Defense Perimeter Level Security ‱  Network Security (i.e. Firewalls) ‱  Apache Knox (i.e. Gateways) Authentication ‱  Kerberos OS Security Authorization ‱  MR ACLs ‱  HDFS Permissions ‱  HDFS ACLs ‱  HiveATZ-NG ‱  HBase ACLs ‱  Accumulo Label Security Data Protection ‱  Core Hadoop ‱  Partners
Page 8 © Hortonworks Inc. 2014 Security for Hadoop REST API – Apache Knox Gateway
Page 9 © Hortonworks Inc. 2014 Current Hadoop Client Model ‱  FileSystem and MapReduce Java APIs ‱  HDFS, Pig, Hive and Oozie clients (that wrap the Java APIs) ‱  Typical use of APIs is via “Edge Node” that is “inside” cluster ‱  Users SSH to Edge Node and execute API commands from shell HadoopUser Edge Node SSH!
Page 10 © Hortonworks Inc. 2014 Why Knox? Simplified Access Single Hadoop access point Rationalized REST API hierarchy Consolidated API calls Multi-cluster support Client DSL Centralized Security Eliminate SSH “edge node” Central API management & audit Service-level authorization Identity Management SSO Integration LDAP & AD integration Knox eliminates the client’s requirements for intimate knowledge of cluster topology
Page 11 © Hortonworks Inc. 2014 Hadoop REST API Security: Drill-Down REST Client Enterprise Identity Provider LDAP/AD Knox Gateway GW GW Firewall Firewall DMZ L B Edge Node/ Hadoop CLIs Edge Node/ Hadoop CLIs RPC HTTP HTTP HTTP LDAP RPC Hadoop Cluster 2 Masters Slaves NN RM Oozie Web HCat HS2 HBase DN NM Hadoop Cluster 2 Masters Slaves NN RM Oozie Web HCat HS2 HBase DN NM
Page 12 © Hortonworks Inc. 2014 Knox Summary ‱  Simplifies Client Interaction with REST Web Services ‱  Abstracts away complexities of Kerberos ‱  Integrates with LDAP, Site Minder & other protocols in future ‱  Provides Authorization to each Web Service with IP, User, Group policies ‱  Able to secure multiple clusters through a single-endpoint
Page 13 © Hortonworks Inc. 2014 HDFS Access Control List (ACL)
Page 14 © Hortonworks Inc. 2014 HDFS Permissions Model Before HDP 2.1 ‱ HDFS permissions at a File & Directory level ‱ Managed by a set of 3 distinct user classes – “owner”, “group” and “others” ‱ 3 permissions for each user class – Read (“r”), Write (“w”), Execute (“e”) – For Files, “r” for read, “w” for write – For Directories, “r” to list content, “w” to create/delete files + directories, “x” for access child of directory Owner Group Others HDFS Directory 
 rwx 
 rwx 
 rwx
Page 15 © Hortonworks Inc. 2014 HDFS File Permissions Example ‱  Authorization requirements: –  In a sales department, they would like a single user Maya (Department Manager) to control all modifications to sales data –  Other members of sales department need to view the data, but can’t modify it. –  Everyone else in the company must not be allowed to view the data. ‱  Can be implemented via the following: Read/Write perm for user maya User Group Read perm for group sales File with sales data
Page 16 © Hortonworks Inc. 2014 HDFS Extended ACLs in HDP 2.1 ‱  Problem – No longer feasible for Maya to control all modifications to the file –  New Requirement: Maya, Diane and Clark are allowed to make modifications –  New Requirement: New group called executives should be able to read the sales data – Current permissions model only allows permissions at 1 group and 1 user ‱  Solution: HDFS Extended ACLs – Now assign different permissions to different users and groups Owner Group Others HDFS Directory 
 rwx 
 rwx 
 rwx Group D 
 rwx Group F 
 rwx User Y 
 rwx
Page 17 © Hortonworks Inc. 2014 HDFS Extended ACLs in HDP 2.1 New Tools for ACL Management (setfacl, getfacl) – hdfs dfs -setfacl -m group:execs:r-- /sales-data! – hdfs dfs -getfacl /sales-data‹ # file: /sales-data‹ # owner: maya‹ # group: sales‹ user::rw-‹ group::r--‹ group:execs:r--‹ mask::r--‹ other::--! How do you know if a directory has ACLs set? – hdfs dfs -ls /sales-data‹ Found 1 items‹ -rw-r-----+  3 maya sales          0 2014-03-04 16:31 /sales-data!
Page 18 © Hortonworks Inc. 2014 HDFS Extended ACLs in HDP 2.1 Default ACLs – hdfs dfs -setfacl -m default:group:execs:r-x / monthly-sales-data! – hdfs dfs -mkdir /monthly-sales-data/JAN! – hdfs dfs –getfacl /monthly-sales-data/JAN! –  # file: /monthly-sales-data/JAN‹ # owner: maya‹ # group: sales‹ user::rwx‹ group::r-x‹ group:execs:r-x‹ mask::r-x‹ other::---‹ default:user::rwx‹ default:group::r-x‹ default:group:execs:r-x‹ default:mask::r-x‹ default:other::---"
Page 19 © Hortonworks Inc. 2014 SQL-Style Security for Hive –ATZ-NG
Page 20 © Hortonworks Inc. 2014 Hive Authorization Before HDP 2.1 HiveAuthorizationProvider(HAP) as the base interface 1.  StorageBasedAuthorizationProvider – Uses HDFS permissions to make authorization decision – HDFS dir permission = Table Permission – Coarse grained, no column level security – Secure://hive.apache.org/docs/hcat_r0.5.0/authorization.pdf 2.  DefaultHiveAuthorizationProvider – BROKEN HORTONWORKS RECOMMENDATION: DO NOT USE – RDBMS style authorization provider – Does not check all operations – Does not check policy grants
Page 21 © Hortonworks Inc. 2014 Hive Authorization in HDP 2.1 ‱ Many paths into Hive – Hive CLI, Beeline, Oozie, Hue, Pig, HCatalog, etc. – Admin type users use CLI, Pig, HCatalog – Business users use O/JDBC, Beeline ‱ Other security concerns – Authentication is enforced. It is a pre-requisite to meaningful authorization – No direct access to HDFS – cluster is Kerberized and restricts access – Hive Metastore is protected and allows only authorized access – Views are used to provide row/column level access with ATZ-NG
Page 22 © Hortonworks Inc. 2014 Hive ATZ-NG – Architecture HDFS Metastore HiveServer2 O/JDBC Beeline CLI ‱  ATZ-NG is called for O/JDBC & Beeline CLI ‱  Standard SQL GRANT / REVOKE for management ‱  Privilege to register UDF restricted to Admin user ‱  Policy integrated with Table/View life cycle Storage Based Authorization Hive CLI OozieHue PIG HCat Ambari 0. Enable HiveATZ-NG 1. Authentication UDFs Protected – fine grained Protected -- coarse grained Restrict direct access to Metastore Protect HDFS with Kerberos & HDFS ACL ATZ-NG 2. Authorization
Page 23 © Hortonworks Inc. 2014 Hive ATZ-NG Details Hive ATZ NG SQL standard-based authorization Manually config Hive to enable, Hive restart required Grants on tables or views to roles or users GRANT/REVOKE action ON [table | view] to role | user! Policy stored in Hive Metastore Table/View lifecycle auto-synced with policy stored in Hive Metastore Grant/Revoke does integrity check, prevents invalid policies Show grants on user | table | view | role & shows policy Supports delegated administration All data need to be readable/writable by Hive user, combined with HDFS ACL, need not be owned by Hive user Back up of Policy same as Hive Metastore backup Check on the ability to register UDF
Page 24 © Hortonworks Inc. 2014 What about MR/Pig/Hive CLI? ‱ All these are ETL run by privileged users ‱ Protect them at coarse grained level with StorageBasedAuthorization
Page 25 © Hortonworks Inc. 2014 Summary ATZ-NG is a superior approach for Hive Authorization because it delivers: 1.  Familiar & DBA-friendly approach for defining security policies for Hive Tables. No additional education required to understand how to take advantage of this. 2.  Integrated and error-free policy definition approach which works in lock-step with the lifecycle of tables and views. 3.  Minimal additional operational overhead to take advantage of ATZ-NG; from no required MR/YARN restart through leveraging pre-existing Hive Metastore (and associated handling - back-up, recovery, etc.)
Page 26 © Hortonworks Inc. 2014 Hive ATZ-NG Example Page 26
Page 27 © Hortonworks Inc. 2014 Scenario ‱ Objective: Share Product Management Roadmap securely ‱ Actors: – Admin Role – Specified in hive-site – Admin role controls role memberships – Product Management Role – Should be able to create, read all road map details. – Members: Vinay Shukla, Tim Hall – Engineering Role – Should be able to read (see) all roadmap details – Members: Kevin Minder, Larry McCay
Page 28 © Hortonworks Inc. 2014 Step 1: Admin role Creates Roles, Adds Users 1.  CREATE ROLE PM; 2.  CREATE ROLE ENG; 3.  GRANT ROLE PM to user timhall with admin option; 4.  GRANT ROLE PM to user vinayshukla; 5.  GRANT ROLE ENG to user kevinminder with admin option; 6.  GRANT ROLE ENG to user larrymccay;
Page 29 © Hortonworks Inc. 2014 Step 2: Super-user Creates Tables/Views create table hdp_hadoop_plans ( id int, hadoop_roadmap string, hdp_roadmap string );
Page 30 © Hortonworks Inc. 2014 Step 3: Users or Roles Assigned To Tables 1.  GRANT ALL ON hdp_hadoop_plans TO ROLE PM; 2.  GRANT SELECT ON hdp_hadoop_plans TO ROLE ENG;
Page 31 © Hortonworks Inc. 2014 Learn More Hortonworks.com/labs/ security/ Register for the other six Discover HDP 2.1 Webinars Hortonworks.com/webinars Next on the Security Roadmap

Empfohlen

Delivering Apache Hadoop for the Modern Data Architecture
Delivering Apache Hadoop for the Modern Data Architecture Delivering Apache Hadoop for the Modern Data Architecture
Delivering Apache Hadoop for the Modern Data Architecture
Hortonworks
 
Data Discovery, Visualization, and Apache Hadoop
Data Discovery, Visualization, and Apache HadoopData Discovery, Visualization, and Apache Hadoop
Data Discovery, Visualization, and Apache Hadoop
Hortonworks
 
Discover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFS
Discover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFSDiscover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFS
Discover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFS
Hortonworks
 
Don't Let Security Be The 'Elephant in the Room'
Don't Let Security Be The 'Elephant in the Room'Don't Let Security Be The 'Elephant in the Room'
Don't Let Security Be The 'Elephant in the Room'
Hortonworks
 
Splunk-hortonworks-risk-management-oct-2014
Splunk-hortonworks-risk-management-oct-2014Splunk-hortonworks-risk-management-oct-2014
Splunk-hortonworks-risk-management-oct-2014
Hortonworks
 
Big Data Analytics - Is Your Elephant Enterprise Ready?
Big Data Analytics - Is Your Elephant Enterprise Ready?Big Data Analytics - Is Your Elephant Enterprise Ready?
Big Data Analytics - Is Your Elephant Enterprise Ready?
Hortonworks
 
Enterprise Hadoop with Hortonworks and Nimble Storage
Enterprise Hadoop with Hortonworks and Nimble StorageEnterprise Hadoop with Hortonworks and Nimble Storage
Enterprise Hadoop with Hortonworks and Nimble Storage
Hortonworks
 
Introduction to Hortonworks Data Platform
Introduction to Hortonworks Data PlatformIntroduction to Hortonworks Data Platform
Introduction to Hortonworks Data Platform
Hortonworks
 

Empfohlen

Delivering Apache Hadoop for the Modern Data Architecture
Delivering Apache Hadoop for the Modern Data Architecture Delivering Apache Hadoop for the Modern Data Architecture
Delivering Apache Hadoop for the Modern Data Architecture
Hortonworks
 
Data Discovery, Visualization, and Apache Hadoop
Data Discovery, Visualization, and Apache HadoopData Discovery, Visualization, and Apache Hadoop
Data Discovery, Visualization, and Apache Hadoop
Hortonworks
 
Discover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFS
Discover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFSDiscover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFS
Discover HDP 2.1: Apache Hadoop 2.4.0, YARN & HDFS
Hortonworks
 
Don't Let Security Be The 'Elephant in the Room'
Don't Let Security Be The 'Elephant in the Room'Don't Let Security Be The 'Elephant in the Room'
Don't Let Security Be The 'Elephant in the Room'
Hortonworks
 
Splunk-hortonworks-risk-management-oct-2014
Splunk-hortonworks-risk-management-oct-2014Splunk-hortonworks-risk-management-oct-2014
Splunk-hortonworks-risk-management-oct-2014
Hortonworks
 
Big Data Analytics - Is Your Elephant Enterprise Ready?
Big Data Analytics - Is Your Elephant Enterprise Ready?Big Data Analytics - Is Your Elephant Enterprise Ready?
Big Data Analytics - Is Your Elephant Enterprise Ready?
Hortonworks
 
Enterprise Hadoop with Hortonworks and Nimble Storage
Enterprise Hadoop with Hortonworks and Nimble StorageEnterprise Hadoop with Hortonworks and Nimble Storage
Enterprise Hadoop with Hortonworks and Nimble Storage
Hortonworks
 
Introduction to Hortonworks Data Platform
Introduction to Hortonworks Data PlatformIntroduction to Hortonworks Data Platform
Introduction to Hortonworks Data Platform
Hortonworks
 
Hp Converged Systems and Hortonworks - Webinar Slides
Hp Converged Systems and Hortonworks - Webinar SlidesHp Converged Systems and Hortonworks - Webinar Slides
Hp Converged Systems and Hortonworks - Webinar Slides
Hortonworks
 
Discover HDP 2.1: Interactive SQL Query in Hadoop with Apache Hive
Discover HDP 2.1: Interactive SQL Query in Hadoop with Apache HiveDiscover HDP 2.1: Interactive SQL Query in Hadoop with Apache Hive
Discover HDP 2.1: Interactive SQL Query in Hadoop with Apache Hive
Hortonworks
 
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hortonworks
 
Discover HDP 2.1: Apache Falcon for Data Governance in Hadoop
Discover HDP 2.1: Apache Falcon for Data Governance in HadoopDiscover HDP 2.1: Apache Falcon for Data Governance in Hadoop
Discover HDP 2.1: Apache Falcon for Data Governance in Hadoop
Hortonworks
 
Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...
Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...
Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...
Hortonworks
 
Discover.hdp2.2.h base.final[2]
Discover.hdp2.2.h base.final[2]Discover.hdp2.2.h base.final[2]
Discover.hdp2.2.h base.final[2]
Hortonworks
 
Powering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Powering Fast Data and the Hadoop Ecosystem with VoltDB and HortonworksPowering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Powering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Hortonworks
 
Discover HDP 2.1: Apache Solr for Hadoop Search
Discover HDP 2.1: Apache Solr for Hadoop SearchDiscover HDP 2.1: Apache Solr for Hadoop Search
Discover HDP 2.1: Apache Solr for Hadoop Search
Hortonworks
 
Combine SAS High-Performance Capabilities with Hadoop YARN
Combine SAS High-Performance Capabilities with Hadoop YARNCombine SAS High-Performance Capabilities with Hadoop YARN
Combine SAS High-Performance Capabilities with Hadoop YARN
Hortonworks
 
YARN Ready: Integrating to YARN with Tez
YARN Ready: Integrating to YARN with Tez YARN Ready: Integrating to YARN with Tez
YARN Ready: Integrating to YARN with Tez
Hortonworks
 
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.nextDiscover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Hortonworks
 
Rescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
Rescue your Big Data from Downtime with HP Operations Bridge and Apache HadoopRescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
Rescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
Hortonworks
 
Introduction to the Hortonworks YARN Ready Program
Introduction to the Hortonworks YARN Ready ProgramIntroduction to the Hortonworks YARN Ready Program
Introduction to the Hortonworks YARN Ready Program
Hortonworks
 
Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...
Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...
Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...
Hortonworks
 
Discover.hdp2.2.storm and kafka.final
Discover.hdp2.2.storm and kafka.finalDiscover.hdp2.2.storm and kafka.final
Discover.hdp2.2.storm and kafka.final
Hortonworks
 
State of the Union with Shaun Connolly
State of the Union with Shaun ConnollyState of the Union with Shaun Connolly
State of the Union with Shaun Connolly
Hortonworks
 
Stinger.Next by Alan Gates of Hortonworks
Stinger.Next by Alan Gates of HortonworksStinger.Next by Alan Gates of Hortonworks
Stinger.Next by Alan Gates of Hortonworks
Data Con LA
 
HDP Advanced Security: Comprehensive Security for Enterprise Hadoop
HDP Advanced Security: Comprehensive Security for Enterprise HadoopHDP Advanced Security: Comprehensive Security for Enterprise Hadoop
HDP Advanced Security: Comprehensive Security for Enterprise Hadoop
Hortonworks
 
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Hortonworks
 
Enabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical EnterpriseEnabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical Enterprise
Hortonworks
 
Hdp security overview
Hdp security overview Hdp security overview
Hdp security overview
Hortonworks
 
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Kevin Minder
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hortonworks
 
Powering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Powering Fast Data and the Hadoop Ecosystem with VoltDB and HortonworksPowering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Powering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Hortonworks
 
Combine SAS High-Performance Capabilities with Hadoop YARN
Combine SAS High-Performance Capabilities with Hadoop YARNCombine SAS High-Performance Capabilities with Hadoop YARN
Combine SAS High-Performance Capabilities with Hadoop YARN
Hortonworks
 
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.nextDiscover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Hortonworks
 
Stinger.Next by Alan Gates of Hortonworks
Stinger.Next by Alan Gates of HortonworksStinger.Next by Alan Gates of Hortonworks
Stinger.Next by Alan Gates of Hortonworks
Data Con LA
 
HDP Advanced Security: Comprehensive Security for Enterprise Hadoop
HDP Advanced Security: Comprehensive Security for Enterprise HadoopHDP Advanced Security: Comprehensive Security for Enterprise Hadoop
HDP Advanced Security: Comprehensive Security for Enterprise Hadoop
Hortonworks
 
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Hortonworks
 

Was ist angesagt? (20)

Hp Converged Systems and Hortonworks - Webinar Slides
Hp Converged Systems and Hortonworks - Webinar SlidesHp Converged Systems and Hortonworks - Webinar Slides
Hp Converged Systems and Hortonworks - Webinar Slides
 
Discover HDP 2.1: Interactive SQL Query in Hadoop with Apache Hive
Discover HDP 2.1: Interactive SQL Query in Hadoop with Apache HiveDiscover HDP 2.1: Interactive SQL Query in Hadoop with Apache Hive
Discover HDP 2.1: Interactive SQL Query in Hadoop with Apache Hive
 
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
Hadoop Operations, Innovations and Enterprise Readiness with Hortonworks Data...
 
Discover HDP 2.1: Apache Falcon for Data Governance in Hadoop
Discover HDP 2.1: Apache Falcon for Data Governance in HadoopDiscover HDP 2.1: Apache Falcon for Data Governance in Hadoop
Discover HDP 2.1: Apache Falcon for Data Governance in Hadoop
 
Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...
Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...
Discover hdp 2.2: Data storage innovations in Hadoop Distributed Filesystem (...
 
Discover.hdp2.2.h base.final[2]
Discover.hdp2.2.h base.final[2]Discover.hdp2.2.h base.final[2]
Discover.hdp2.2.h base.final[2]
 
Powering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Powering Fast Data and the Hadoop Ecosystem with VoltDB and HortonworksPowering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
Powering Fast Data and the Hadoop Ecosystem with VoltDB and Hortonworks
 
Discover HDP 2.1: Apache Solr for Hadoop Search
Discover HDP 2.1: Apache Solr for Hadoop SearchDiscover HDP 2.1: Apache Solr for Hadoop Search
Discover HDP 2.1: Apache Solr for Hadoop Search
 
Combine SAS High-Performance Capabilities with Hadoop YARN
Combine SAS High-Performance Capabilities with Hadoop YARNCombine SAS High-Performance Capabilities with Hadoop YARN
Combine SAS High-Performance Capabilities with Hadoop YARN
 
YARN Ready: Integrating to YARN with Tez
YARN Ready: Integrating to YARN with Tez YARN Ready: Integrating to YARN with Tez
YARN Ready: Integrating to YARN with Tez
 
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.nextDiscover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
Discover HDP 2.2: Even Faster SQL Queries with Apache Hive and Stinger.next
 
Rescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
Rescue your Big Data from Downtime with HP Operations Bridge and Apache HadoopRescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
Rescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
 
Introduction to the Hortonworks YARN Ready Program
Introduction to the Hortonworks YARN Ready ProgramIntroduction to the Hortonworks YARN Ready Program
Introduction to the Hortonworks YARN Ready Program
 
Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...
Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...
Webinar - Accelerating Hadoop Success with Rapid Data Integration for the Mod...
 
Discover.hdp2.2.storm and kafka.final
Discover.hdp2.2.storm and kafka.finalDiscover.hdp2.2.storm and kafka.final
Discover.hdp2.2.storm and kafka.final
 
State of the Union with Shaun Connolly
State of the Union with Shaun ConnollyState of the Union with Shaun Connolly
State of the Union with Shaun Connolly
 
Stinger.Next by Alan Gates of Hortonworks
Stinger.Next by Alan Gates of HortonworksStinger.Next by Alan Gates of Hortonworks
Stinger.Next by Alan Gates of Hortonworks
 
HDP Advanced Security: Comprehensive Security for Enterprise Hadoop
HDP Advanced Security: Comprehensive Security for Enterprise HadoopHDP Advanced Security: Comprehensive Security for Enterprise Hadoop
HDP Advanced Security: Comprehensive Security for Enterprise Hadoop
 
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
Starting Small and Scaling Big with Hadoop (Talend and Hortonworks webinar)) ...
 
Enabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical EnterpriseEnabling the Real Time Analytical Enterprise
Enabling the Real Time Analytical Enterprise
 

Andere mochten auch

Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox GatewayHadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
 
NoSQL - No Security?
NoSQL - No Security?NoSQL - No Security?
NoSQL - No Security?
Gavin Holt
 
Ranger admin dev overview
Ranger admin dev overviewRanger admin dev overview
Ranger admin dev overview
Tushar Dudhatra
 
Improvements in Hadoop Security
Improvements in Hadoop SecurityImprovements in Hadoop Security
Improvements in Hadoop Security
Chris Nauroth
 
H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞
H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞
H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞
KTH, 쌀읎티하읎텔
 
Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요
Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요
Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요
êč€ í•œë„
 
Integrate Big Data into Your Organization with Informatica and Perficient
Integrate Big Data into Your Organization with Informatica and PerficientIntegrate Big Data into Your Organization with Informatica and Perficient
Integrate Big Data into Your Organization with Informatica and Perficient
Perficient, Inc.
 

Andere mochten auch (20)

Hdp security overview
Hdp security overview Hdp security overview
Hdp security overview
 
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
 
Hadoop Security Today & Tomorrow with Apache Knox
Hadoop Security Today & Tomorrow with Apache KnoxHadoop Security Today & Tomorrow with Apache Knox
Hadoop Security Today & Tomorrow with Apache Knox
 
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox GatewayHadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox Gateway
 
Discover HDP 2.2: Comprehensive Hadoop Security with Apache Ranger and Apache...
Discover HDP 2.2: Comprehensive Hadoop Security with Apache Ranger and Apache...Discover HDP 2.2: Comprehensive Hadoop Security with Apache Ranger and Apache...
Discover HDP 2.2: Comprehensive Hadoop Security with Apache Ranger and Apache...
 
Hadoop Security Features That make your risk officer happy
Hadoop Security Features That make your risk officer happyHadoop Security Features That make your risk officer happy
Hadoop Security Features That make your risk officer happy
 
NoSQL - No Security?
NoSQL - No Security?NoSQL - No Security?
NoSQL - No Security?
 
Informatica Big Data Edition - Profinit - Jan Ulrych
Informatica Big Data Edition - Profinit - Jan UlrychInformatica Big Data Edition - Profinit - Jan Ulrych
Informatica Big Data Edition - Profinit - Jan Ulrych
 
NoSQL, no security?
NoSQL, no security?NoSQL, no security?
NoSQL, no security?
 
Ranger admin dev overview
Ranger admin dev overviewRanger admin dev overview
Ranger admin dev overview
 
Data analysis with Tajo
Data analysis with TajoData analysis with Tajo
Data analysis with Tajo
 
TriHUG October: Apache Ranger
TriHUG October: Apache RangerTriHUG October: Apache Ranger
TriHUG October: Apache Ranger
 
Security needs in Hadoop’s Current and Future – How Apache Ranger can help?
Security needs in Hadoop’s Current and Future – How Apache Ranger can help?Security needs in Hadoop’s Current and Future – How Apache Ranger can help?
Security needs in Hadoop’s Current and Future – How Apache Ranger can help?
 
NoSQL, no SQL injections?
NoSQL, no SQL injections?NoSQL, no SQL injections?
NoSQL, no SQL injections?
 
Meet the experts dwo bde vds v7
Meet the experts dwo bde vds v7Meet the experts dwo bde vds v7
Meet the experts dwo bde vds v7
 
Improvements in Hadoop Security
Improvements in Hadoop SecurityImprovements in Hadoop Security
Improvements in Hadoop Security
 
êżˆêŸžëŠ” 데읎터 디자읎너 1êž°ë„Œ 끝낎며
êżˆêŸžëŠ” 데읎터 디자읎너 1êž°ë„Œ ëë‚Žë©°êżˆêŸžëŠ” 데읎터 디자읎너 1êž°ë„Œ 끝낎며
êżˆêŸžëŠ” 데읎터 디자읎너 1êž°ë„Œ 끝낎며
 
H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞
H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞
H3 2011 íŒŒìŽìŹìœŒëĄœ 큎띌우드 í•˜êł  싶얎요_분산Ʞ술Lab_하용혞
 
Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요
Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요
Big Data Myth 1. ìš°ëŠŹ íšŒì‚Źì—” ëč…데읎터가 없얎요
 
Integrate Big Data into Your Organization with Informatica and Perficient
Integrate Big Data into Your Organization with Informatica and PerficientIntegrate Big Data into Your Organization with Informatica and Perficient
Integrate Big Data into Your Organization with Informatica and Perficient
 

Ähnlich wie Discover Enterprise Security Features in Hortonworks Data Platform 2.1: Apache Knox

Improvements in Hadoop Security
Improvements in Hadoop SecurityImprovements in Hadoop Security
Improvements in Hadoop Security
DataWorks Summit
 
Hadoop Security Today and Tomorrow
Hadoop Security Today and TomorrowHadoop Security Today and Tomorrow
Hadoop Security Today and Tomorrow
DataWorks Summit
 
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
Simplify and Secure your Hadoop Environment with Hortonworks and CentrifySimplify and Secure your Hadoop Environment with Hortonworks and Centrify
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
Hortonworks
 
Securing the Hadoop Ecosystem
Securing the Hadoop EcosystemSecuring the Hadoop Ecosystem
Securing the Hadoop Ecosystem
DataWorks Summit
 
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
DataWorks Summit
 

Ähnlich wie Discover Enterprise Security Features in Hortonworks Data Platform 2.1: Apache Knox (20)

Improvements in Hadoop Security
Improvements in Hadoop SecurityImprovements in Hadoop Security
Improvements in Hadoop Security
 
Hadoop & Security - Past, Present, Future
Hadoop & Security - Past, Present, FutureHadoop & Security - Past, Present, Future
Hadoop & Security - Past, Present, Future
 
2014 sept 4_hadoop_security
2014 sept 4_hadoop_security2014 sept 4_hadoop_security
2014 sept 4_hadoop_security
 
Hadoop security
Hadoop securityHadoop security
Hadoop security
 
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
 
Curb your insecurity with HDP - Tips for a Secure Cluster
Curb your insecurity with HDP - Tips for a Secure ClusterCurb your insecurity with HDP - Tips for a Secure Cluster
Curb your insecurity with HDP - Tips for a Secure Cluster
 
Hadoop Security Today and Tomorrow
Hadoop Security Today and TomorrowHadoop Security Today and Tomorrow
Hadoop Security Today and Tomorrow
 
Hadoop and Data Access Security
Hadoop and Data Access SecurityHadoop and Data Access Security
Hadoop and Data Access Security
 
Hadoop security @ Philly Hadoop Meetup May 2015
Hadoop security @ Philly Hadoop Meetup May 2015Hadoop security @ Philly Hadoop Meetup May 2015
Hadoop security @ Philly Hadoop Meetup May 2015
 
Vmware Serengeti - Based on Infochimps Ironfan
Vmware Serengeti - Based on Infochimps IronfanVmware Serengeti - Based on Infochimps Ironfan
Vmware Serengeti - Based on Infochimps Ironfan
 
Open Source Security Tools for Big Data
Open Source Security Tools for Big DataOpen Source Security Tools for Big Data
Open Source Security Tools for Big Data
 
Open Source Security Tools for Big Data
Open Source Security Tools for Big DataOpen Source Security Tools for Big Data
Open Source Security Tools for Big Data
 
Apache Ranger
Apache RangerApache Ranger
Apache Ranger
 
Comprehensive Security for the Enterprise II: Guarding the Perimeter and Cont...
Comprehensive Security for the Enterprise II: Guarding the Perimeter and Cont...Comprehensive Security for the Enterprise II: Guarding the Perimeter and Cont...
Comprehensive Security for the Enterprise II: Guarding the Perimeter and Cont...
 
August 2014 HUG : Comprehensive Security for Hadoop
August 2014 HUG : Comprehensive Security for HadoopAugust 2014 HUG : Comprehensive Security for Hadoop
August 2014 HUG : Comprehensive Security for Hadoop
 
August 2014 HUG : Hive 13 Security
August 2014 HUG : Hive 13 SecurityAugust 2014 HUG : Hive 13 Security
August 2014 HUG : Hive 13 Security
 
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
Simplify and Secure your Hadoop Environment with Hortonworks and CentrifySimplify and Secure your Hadoop Environment with Hortonworks and Centrify
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
 
Securing the Hadoop Ecosystem
Securing the Hadoop EcosystemSecuring the Hadoop Ecosystem
Securing the Hadoop Ecosystem
 
Introduction to Cloudera's Administrator Training for Apache Hadoop
Introduction to Cloudera's Administrator Training for Apache HadoopIntroduction to Cloudera's Administrator Training for Apache Hadoop
Introduction to Cloudera's Administrator Training for Apache Hadoop
 
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
 

Mehr von Hortonworks

IoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT Strategy
IoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT StrategyIoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT Strategy
IoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT Strategy
Hortonworks
 
Curing Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging ManagerCuring Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging Manager
Hortonworks
 
Driving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data ManagementDriving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data Management
Hortonworks
 
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming FeaturesHDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
Hortonworks
 

Mehr von Hortonworks (20)

Hortonworks DataFlow (HDF) 3.3 - Taking Stream Processing to the Next Level
Hortonworks DataFlow (HDF) 3.3 - Taking Stream Processing to the Next LevelHortonworks DataFlow (HDF) 3.3 - Taking Stream Processing to the Next Level
Hortonworks DataFlow (HDF) 3.3 - Taking Stream Processing to the Next Level
 
IoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT Strategy
IoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT StrategyIoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT Strategy
IoT Predictions for 2019 and Beyond: Data at the Heart of Your IoT Strategy
 
Getting the Most Out of Your Data in the Cloud with Cloudbreak
Getting the Most Out of Your Data in the Cloud with CloudbreakGetting the Most Out of Your Data in the Cloud with Cloudbreak
Getting the Most Out of Your Data in the Cloud with Cloudbreak
 
Johns Hopkins - Using Hadoop to Secure Access Log Events
Johns Hopkins - Using Hadoop to Secure Access Log EventsJohns Hopkins - Using Hadoop to Secure Access Log Events
Johns Hopkins - Using Hadoop to Secure Access Log Events
 
Catch a Hacker in Real-Time: Live Visuals of Bots and Bad Guys
Catch a Hacker in Real-Time: Live Visuals of Bots and Bad GuysCatch a Hacker in Real-Time: Live Visuals of Bots and Bad Guys
Catch a Hacker in Real-Time: Live Visuals of Bots and Bad Guys
 
HDF 3.2 - What's New
HDF 3.2 - What's NewHDF 3.2 - What's New
HDF 3.2 - What's New
 
Curing Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging ManagerCuring Kafka Blindness with Hortonworks Streams Messaging Manager
Curing Kafka Blindness with Hortonworks Streams Messaging Manager
 
Interpretation Tool for Genomic Sequencing Data in Clinical Environments
Interpretation Tool for Genomic Sequencing Data in Clinical EnvironmentsInterpretation Tool for Genomic Sequencing Data in Clinical Environments
Interpretation Tool for Genomic Sequencing Data in Clinical Environments
 
IBM+Hortonworks = Transformation of the Big Data Landscape
IBM+Hortonworks = Transformation of the Big Data LandscapeIBM+Hortonworks = Transformation of the Big Data Landscape
IBM+Hortonworks = Transformation of the Big Data Landscape
 
Premier Inside-Out: Apache Druid
Premier Inside-Out: Apache DruidPremier Inside-Out: Apache Druid
Premier Inside-Out: Apache Druid
 
Accelerating Data Science and Real Time Analytics at Scale
Accelerating Data Science and Real Time Analytics at ScaleAccelerating Data Science and Real Time Analytics at Scale
Accelerating Data Science and Real Time Analytics at Scale
 
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATATIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
TIME SERIES: APPLYING ADVANCED ANALYTICS TO INDUSTRIAL PROCESS DATA
 
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
Blockchain with Machine Learning Powered by Big Data: Trimble Transportation ...
 
Delivering Real-Time Streaming Data for Healthcare Customers: Clearsense
Delivering Real-Time Streaming Data for Healthcare Customers: ClearsenseDelivering Real-Time Streaming Data for Healthcare Customers: Clearsense
Delivering Real-Time Streaming Data for Healthcare Customers: Clearsense
 
Making Enterprise Big Data Small with Ease
Making Enterprise Big Data Small with EaseMaking Enterprise Big Data Small with Ease
Making Enterprise Big Data Small with Ease
 
Webinewbie to Webinerd in 30 Days - Webinar World Presentation
Webinewbie to Webinerd in 30 Days - Webinar World PresentationWebinewbie to Webinerd in 30 Days - Webinar World Presentation
Webinewbie to Webinerd in 30 Days - Webinar World Presentation
 
Driving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data ManagementDriving Digital Transformation Through Global Data Management
Driving Digital Transformation Through Global Data Management
 
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming FeaturesHDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
HDF 3.1 pt. 2: A Technical Deep-Dive on New Streaming Features
 
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
Hortonworks DataFlow (HDF) 3.1 - Redefining Data-In-Motion with Modern Data A...
 
Unlock Value from Big Data with Apache NiFi and Streaming CDC
Unlock Value from Big Data with Apache NiFi and Streaming CDCUnlock Value from Big Data with Apache NiFi and Streaming CDC
Unlock Value from Big Data with Apache NiFi and Streaming CDC
 

KĂŒrzlich hochgeladen

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel AraĂșjo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 

KĂŒrzlich hochgeladen (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Discover Enterprise Security Features in Hortonworks Data Platform 2.1: Apache Knox

  • 1. Page 1 © Hortonworks Inc. 2014 Discover HDP 2.1 New Features for Security & Apache Knox Hortonworks. We do Hadoop.
  • 2. Page 2 © Hortonworks Inc. 2014 Speakers Justin Sears Hortonworks Product Marketing Manager Vinay Shukla Hortonworks Director of Product Management & owner of Hortonworks security roadmap Kevin Minder Hortonworks Engineer & Committer for Apache Knox Gateway project
  • 3. Page 3 © Hortonworks Inc. 2014 Agenda ‱  Security for Hadoop REST/HTTP API – Knox Gateway ‱  HDFS Security – ACLs ‱  SQL Security – Next Generation Hive Authorization
  • 4. Page 4 © Hortonworks Inc. 2014 OPERATIONS*TOOLS* Provision, Manage & Monitor DEV*&*DATA*TOOLS* Build & Test A Modern Data ArchitectureAPPLICATIONS*DATA**SYSTEM* REPOSITORIES* RDBMS* EDW* MPP* Business** Analy<cs* Custom* Applica<ons* Packaged* Applica<ons* Governance &Integration ENTERPRISE HADOOP Security Operations Data Access Data Management SOURCES* OLTP,&ERP,& CRM&Systems& Documents,&& Emails& Web&Logs,& Click&Streams& Social& Networks& Machine& Generated& Sensor& Data& GeolocaCon& Data&
  • 5. Page 5 © Hortonworks Inc. 2014 HDP 2.1: Enterprise Hadoop HDP 2.1 Hortonworks Data Platform ** Provision,* Manage*&* Monitor* & Ambari& Zookeeper& Scheduling* & Oozie& Data*WorkïŹ‚ow,* Lifecycle*&* Governance* * Falcon& Sqoop& Flume& NFS& WebHDFS& YARN*:*Data*Opera<ng*System& DATA**MANAGEMENT* SECURITY*DATA**ACCESS* GOVERNANCE*&* INTEGRATION* Authen<ca<on* Authoriza<on* Accoun<ng* Data*Protec<on* & Storage:&HDFS& Resources:&YARN& Access:&Hive,&
&& Pipeline:&Falcon& Cluster:&Knox& OPERATIONS* Script* & Pig& * * Search* * Solr& * * SQL* * Hive/Tez,& HCatalog& * * NoSQL* * HBase& Accumulo& * * Stream* ** Storm& & * * Others* * InTMemory& AnalyCcs,&& ISV&engines& 1& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& N* HDFS** (Hadoop&Distributed&File&System)& Batch* * Map& Reduce& * *
  • 6. Page 6 © Hortonworks Inc. 2014 HDP 2.1: Enterprise Hadoop HDP 2.1 Hortonworks Data Platform ** Provision,* Manage*&* Monitor* & Ambari& Zookeeper& Scheduling* & Oozie& Data*WorkïŹ‚ow,* Lifecycle*&* Governance* * Falcon& Sqoop& Flume& NFS& WebHDFS& YARN*:*Data*Opera<ng*System& DATA**MANAGEMENT* DATA**ACCESS* GOVERNANCE*&* INTEGRATION* OPERATIONS* Script* & Pig& * * Search* * Solr& * * SQL* * Hive/Tez,& HCatalog& * * NoSQL* * HBase& Accumulo& * * Stream* ** Storm& & * * Others* * InTMemory& AnalyCcs,&& ISV&engines& 1& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& °& N* HDFS** (Hadoop&Distributed&File&System)& Batch* * Map& Reduce& * * SECURITY* Authen<ca<on* Authoriza<on* Accoun<ng* Data*Protec<on* & Storage:&HDFS& Resources:&YARN& Access:&Hive,&
&& Pipeline:&Falcon& Cluster:&Knox&
  • 7. Page 7 © Hortonworks Inc. 2014 Security: Rings of Defense Perimeter Level Security ‱  Network Security (i.e. Firewalls) ‱  Apache Knox (i.e. Gateways) Authentication ‱  Kerberos OS Security Authorization ‱  MR ACLs ‱  HDFS Permissions ‱  HDFS ACLs ‱  HiveATZ-NG ‱  HBase ACLs ‱  Accumulo Label Security Data Protection ‱  Core Hadoop ‱  Partners
  • 8. Page 8 © Hortonworks Inc. 2014 Security for Hadoop REST API – Apache Knox Gateway
  • 9. Page 9 © Hortonworks Inc. 2014 Current Hadoop Client Model ‱  FileSystem and MapReduce Java APIs ‱  HDFS, Pig, Hive and Oozie clients (that wrap the Java APIs) ‱  Typical use of APIs is via “Edge Node” that is “inside” cluster ‱  Users SSH to Edge Node and execute API commands from shell HadoopUser Edge Node SSH!
  • 10. Page 10 © Hortonworks Inc. 2014 Why Knox? Simplified Access Single Hadoop access point Rationalized REST API hierarchy Consolidated API calls Multi-cluster support Client DSL Centralized Security Eliminate SSH “edge node” Central API management & audit Service-level authorization Identity Management SSO Integration LDAP & AD integration Knox eliminates the client’s requirements for intimate knowledge of cluster topology
  • 11. Page 11 © Hortonworks Inc. 2014 Hadoop REST API Security: Drill-Down REST Client Enterprise Identity Provider LDAP/AD Knox Gateway GW GW Firewall Firewall DMZ L B Edge Node/ Hadoop CLIs Edge Node/ Hadoop CLIs RPC HTTP HTTP HTTP LDAP RPC Hadoop Cluster 2 Masters Slaves NN RM Oozie Web HCat HS2 HBase DN NM Hadoop Cluster 2 Masters Slaves NN RM Oozie Web HCat HS2 HBase DN NM
  • 12. Page 12 © Hortonworks Inc. 2014 Knox Summary ‱  Simplifies Client Interaction with REST Web Services ‱  Abstracts away complexities of Kerberos ‱  Integrates with LDAP, Site Minder & other protocols in future ‱  Provides Authorization to each Web Service with IP, User, Group policies ‱  Able to secure multiple clusters through a single-endpoint
  • 13. Page 13 © Hortonworks Inc. 2014 HDFS Access Control List (ACL)
  • 14. Page 14 © Hortonworks Inc. 2014 HDFS Permissions Model Before HDP 2.1 ‱ HDFS permissions at a File & Directory level ‱ Managed by a set of 3 distinct user classes – “owner”, “group” and “others” ‱ 3 permissions for each user class – Read (“r”), Write (“w”), Execute (“e”) – For Files, “r” for read, “w” for write – For Directories, “r” to list content, “w” to create/delete files + directories, “x” for access child of directory Owner Group Others HDFS Directory 
 rwx 
 rwx 
 rwx
  • 15. Page 15 © Hortonworks Inc. 2014 HDFS File Permissions Example ‱  Authorization requirements: –  In a sales department, they would like a single user Maya (Department Manager) to control all modifications to sales data –  Other members of sales department need to view the data, but can’t modify it. –  Everyone else in the company must not be allowed to view the data. ‱  Can be implemented via the following: Read/Write perm for user maya User Group Read perm for group sales File with sales data
  • 16. Page 16 © Hortonworks Inc. 2014 HDFS Extended ACLs in HDP 2.1 ‱  Problem – No longer feasible for Maya to control all modifications to the file –  New Requirement: Maya, Diane and Clark are allowed to make modifications –  New Requirement: New group called executives should be able to read the sales data – Current permissions model only allows permissions at 1 group and 1 user ‱  Solution: HDFS Extended ACLs – Now assign different permissions to different users and groups Owner Group Others HDFS Directory 
 rwx 
 rwx 
 rwx Group D 
 rwx Group F 
 rwx User Y 
 rwx
  • 17. Page 17 © Hortonworks Inc. 2014 HDFS Extended ACLs in HDP 2.1 New Tools for ACL Management (setfacl, getfacl) – hdfs dfs -setfacl -m group:execs:r-- /sales-data! – hdfs dfs -getfacl /sales-data‹ # file: /sales-data‹ # owner: maya‹ # group: sales‹ user::rw-‹ group::r--‹ group:execs:r--‹ mask::r--‹ other::--! How do you know if a directory has ACLs set? – hdfs dfs -ls /sales-data‹ Found 1 items‹ -rw-r-----+  3 maya sales          0 2014-03-04 16:31 /sales-data!
  • 18. Page 18 © Hortonworks Inc. 2014 HDFS Extended ACLs in HDP 2.1 Default ACLs – hdfs dfs -setfacl -m default:group:execs:r-x / monthly-sales-data! – hdfs dfs -mkdir /monthly-sales-data/JAN! – hdfs dfs –getfacl /monthly-sales-data/JAN! –  # file: /monthly-sales-data/JAN‹ # owner: maya‹ # group: sales‹ user::rwx‹ group::r-x‹ group:execs:r-x‹ mask::r-x‹ other::---‹ default:user::rwx‹ default:group::r-x‹ default:group:execs:r-x‹ default:mask::r-x‹ default:other::---"
  • 19. Page 19 © Hortonworks Inc. 2014 SQL-Style Security for Hive –ATZ-NG
  • 20. Page 20 © Hortonworks Inc. 2014 Hive Authorization Before HDP 2.1 HiveAuthorizationProvider(HAP) as the base interface 1.  StorageBasedAuthorizationProvider – Uses HDFS permissions to make authorization decision – HDFS dir permission = Table Permission – Coarse grained, no column level security – Secure://hive.apache.org/docs/hcat_r0.5.0/authorization.pdf 2.  DefaultHiveAuthorizationProvider – BROKEN HORTONWORKS RECOMMENDATION: DO NOT USE – RDBMS style authorization provider – Does not check all operations – Does not check policy grants
  • 21. Page 21 © Hortonworks Inc. 2014 Hive Authorization in HDP 2.1 ‱ Many paths into Hive – Hive CLI, Beeline, Oozie, Hue, Pig, HCatalog, etc. – Admin type users use CLI, Pig, HCatalog – Business users use O/JDBC, Beeline ‱ Other security concerns – Authentication is enforced. It is a pre-requisite to meaningful authorization – No direct access to HDFS – cluster is Kerberized and restricts access – Hive Metastore is protected and allows only authorized access – Views are used to provide row/column level access with ATZ-NG
  • 22. Page 22 © Hortonworks Inc. 2014 Hive ATZ-NG – Architecture HDFS Metastore HiveServer2 O/JDBC Beeline CLI ‱  ATZ-NG is called for O/JDBC & Beeline CLI ‱  Standard SQL GRANT / REVOKE for management ‱  Privilege to register UDF restricted to Admin user ‱  Policy integrated with Table/View life cycle Storage Based Authorization Hive CLI OozieHue PIG HCat Ambari 0. Enable HiveATZ-NG 1. Authentication UDFs Protected – fine grained Protected -- coarse grained Restrict direct access to Metastore Protect HDFS with Kerberos & HDFS ACL ATZ-NG 2. Authorization
  • 23. Page 23 © Hortonworks Inc. 2014 Hive ATZ-NG Details Hive ATZ NG SQL standard-based authorization Manually config Hive to enable, Hive restart required Grants on tables or views to roles or users GRANT/REVOKE action ON [table | view] to role | user! Policy stored in Hive Metastore Table/View lifecycle auto-synced with policy stored in Hive Metastore Grant/Revoke does integrity check, prevents invalid policies Show grants on user | table | view | role & shows policy Supports delegated administration All data need to be readable/writable by Hive user, combined with HDFS ACL, need not be owned by Hive user Back up of Policy same as Hive Metastore backup Check on the ability to register UDF
  • 24. Page 24 © Hortonworks Inc. 2014 What about MR/Pig/Hive CLI? ‱ All these are ETL run by privileged users ‱ Protect them at coarse grained level with StorageBasedAuthorization
  • 25. Page 25 © Hortonworks Inc. 2014 Summary ATZ-NG is a superior approach for Hive Authorization because it delivers: 1.  Familiar & DBA-friendly approach for defining security policies for Hive Tables. No additional education required to understand how to take advantage of this. 2.  Integrated and error-free policy definition approach which works in lock-step with the lifecycle of tables and views. 3.  Minimal additional operational overhead to take advantage of ATZ-NG; from no required MR/YARN restart through leveraging pre-existing Hive Metastore (and associated handling - back-up, recovery, etc.)
  • 26. Page 26 © Hortonworks Inc. 2014 Hive ATZ-NG Example Page 26
  • 27. Page 27 © Hortonworks Inc. 2014 Scenario ‱ Objective: Share Product Management Roadmap securely ‱ Actors: – Admin Role – Specified in hive-site – Admin role controls role memberships – Product Management Role – Should be able to create, read all road map details. – Members: Vinay Shukla, Tim Hall – Engineering Role – Should be able to read (see) all roadmap details – Members: Kevin Minder, Larry McCay
  • 28. Page 28 © Hortonworks Inc. 2014 Step 1: Admin role Creates Roles, Adds Users 1.  CREATE ROLE PM; 2.  CREATE ROLE ENG; 3.  GRANT ROLE PM to user timhall with admin option; 4.  GRANT ROLE PM to user vinayshukla; 5.  GRANT ROLE ENG to user kevinminder with admin option; 6.  GRANT ROLE ENG to user larrymccay;
  • 29. Page 29 © Hortonworks Inc. 2014 Step 2: Super-user Creates Tables/Views create table hdp_hadoop_plans ( id int, hadoop_roadmap string, hdp_roadmap string );
  • 30. Page 30 © Hortonworks Inc. 2014 Step 3: Users or Roles Assigned To Tables 1.  GRANT ALL ON hdp_hadoop_plans TO ROLE PM; 2.  GRANT SELECT ON hdp_hadoop_plans TO ROLE ENG;
  • 31. Page 31 © Hortonworks Inc. 2014 Learn More Hortonworks.com/labs/ security/ Register for the other six Discover HDP 2.1 Webinars Hortonworks.com/webinars Next on the Security Roadmap