Swarnim Kulkarni (Cerner)
Cerner has been an active consumer of HBase for a very long time, storing petabytes of healthcare data in its multiple isolated HBase clusters. This talk will walk through the design of Cerner's enterprise data hub with a focus on the multi-tenant HBase as a service offering within the hub.
32. “An
Enterprise
Data
Hub
is
a
centralized
loca0on
to
store
all
data,
for
as
long
as
needed,
in
its
original
fidelity;
with
flexibility
to
run
variety
of
enterprise
workloads
including
batch
processing
and
interac0ve
SQL
-‐
with
robust
security,
audi0ng
and
management.”
33. “An
Enterprise
Data
Hub
is
a
centralized
loca-on
to
store
all
data,
for
as
long
as
needed,
in
its
original
fidelity;
with
flexibility
to
run
variety
of
enterprise
workloads
including
batch
processing
and
interac0ve
SQL
-‐
with
robust
security,
audi0ng
and
management.”
34. “An
Enterprise
Data
Hub
is
a
centralized
loca-on
to
store
all
data,
for
as
long
as
needed,
in
its
original
fidelity;
with
flexibility
to
run
variety
of
enterprise
workloads
including
batch
processing
and
interac0ve
SQL
-‐
with
robust
security,
audi0ng
and
management.”
35. “An
Enterprise
Data
Hub
is
a
centralized
loca-on
to
store
all
data,
for
as
long
as
needed,
in
its
original
fidelity;
with
flexibility
to
run
variety
of
enterprise
workloads
including
batch
processing
and
interac0ve
SQL
-‐
with
robust
security,
audi0ng
and
management.”
36. “An
Enterprise
Data
Hub
is
a
centralized
loca-on
to
store
all
data,
for
as
long
as
needed,
in
its
original
fidelity;
with
flexibility
to
run
variety
of
enterprise
workloads
including
batch
processing
and
interac0ve
SQL
-‐
with
robust
security,
audi-ng
and
management.”
37. Mul8-‐tenant
Secure
and
Compliant
Ac8ve
archive
of
all
data
Low
barrier
of
entry
Hadoop
as
a
Service
Data
Hub
is….
41. Support
mul8-‐tenant
environment
for
mul8ple
users
Isolated
deployment
Set
quota
per
consumer
ACLs
for
project
level
administra8on
Appropriate
security
for
user
authen8ca8on
46. Making
sure
that
you
have
sufficient
resources
before
you
start
the
job!
47. CGroups
• Control
Groups
• Police
and
limit
CPU,
Disk
I/O
and
Memory
usage
• Resource
guarantee
by
sta8c
par88oning
• Very
useful
in
case
of
conten8on
48. • Value
for
resource-‐limits
driven
by
individual
tenants
depending
on
the
workload
• Defaults
to
70-‐30
usage
for
memory
and
CPU
between
(NodeManager
+
Datanode)
and
RegionServer
• Higher
memory
on
RS
(at
least
4
GB)
helps
avoid
swapping
and
happier
GC
CPU
CPU
CPU
MEMORY
MEMORY
MEMORY
SEPSIS
M+
POP
HEALTH
49. What
we
learned
• Recommend
tenants
to
give
atleast
4
GB
of
memory
to
the
regionserver
for
smoother
opera8on
• Coopera8ve
memory
(ex:
via
JVM
heaps,
max.
container
sizes)
works
bejer
than
cgroup
limits
• Disable
swapping
on
HBase
nodes
• Disable
HDFS
load
balancer
• CMS
GC
performs
way
bejer
• Limit
number
of
containers
running
on
nodes
to
maximize
performance
51. Request
queues
• Priori8ze
variety
of
workflows
that
need
access
to
HBase
• Important
to
meet
SLAs
for
tenants
• “FIFO”
vs
“Deadline”
queue
type
• “Deadline”(default)
proved
to
work
prejy
well
for
most
of
the
cases
• Cannot
be
set
per
tenant
but
has
to
be
set
per
cluster
–
support
coming
soon
52. Quotas
• Makes
sure
that
no
single
tenant
abuses
the
system
• Peaceful
coexistence
• Promotes
a
pay-‐per-‐use
model.
Could
buy
a
higher
throjle
limit
by
contribu8ng
more
number
of
nodes
• Usually
we
set
throjle
on
a
per
namespace
basis
but
could
also
set
on
the
per
table/user
basis
if
needed
54. Namespace
• Logical
grouping
of
HBase
tables
• Analogous
to
databases
• Provides
tenants
with
individual
space
to
operate
on
• Tied
to
the
AD
group
used
when
onboarding
• Could
also
apply
quotas(max
regions/tables)
per
namespace(HBASE-‐8410)
but
not
using
that
feature
for
now
56. Authen8ca8on
• Cluster
secured
by
Kerberos
• Disallow
impersona8on
• Require
kinit
to
first
authen8cate
with
the
KDC
before
accessing
the
cluster
57. ACLs
• Provides
the
authoriza8on
piece
• Set
per
namespace
and
8ed
to
the
AD
groups
• Required
proper8es
58. ACLs
<ac0on>
-‐
Determines
the
type
of
ac8on
–
grant
or
revoke
<en0ty>
-‐
Determines
en8ty
to
grant
access
to
–
user
or
groups
<level>
-‐
Determines
the
access
level
–
RWXCA
<scope>
-‐
Determines
the
scope
for
access
–
namespace,
table,
column
family
or
Cell
Must
be
a
super
user
to
run
these
commands
(Determined
by
hbase.supersuser)
66. Onboarding
-‐
Deployment
M+
Pop.
Health
DATA
HUB
Tenants
could
choose
to
modify
the
cgroup
configura8on
depending
on
expected
workloads
or
just
stay
with
defaults
67. Onboarding
-‐
Isola8on
• Create
AD
groups
• poph_users,
pop_admins
• mplus_users,
mplus_admins
• Create
namespaces
(as
super
user)
hbase(main):001:0> create_namespace ’mplus'
0 row(s) in 0.5650 seconds
hbase(main):001:0> create_namespace ’poph'
0 row(s) in 0.7262 seconds
71. What
we
can
do
bejer
• Namespace
quota
support
(HBASE-‐8410)
• Limit
tables/regions
per
namespace
• Region
Server
Groups
(HBASE-‐6721)
• Pin
namespace/tables
to
subset
of
regionservers
• Advanced
namespace
security
(HBASE-‐9206)
• Higher
flexibility
to
admins
and
tenants
for
namespace
management