Skip to main content

Security Architecture for Apache Hadoop


Through the years, there has been a clamor and need expressed for robust Apache Hadoop security framework. Considering the massive amount of data that nodes hold, there is an increasing need to focus on security architecture for the cluster. Further, there is a sensitization around the regulatory and legal norms that enterprise firms need to follow.

hadoopsphere.com presents below a security architecture that can be adapted in your Apache Hadoop cluster. Tools may vary based on off-the-shelf utilities or custom in-house monitoring programs. It is essential that each firm depending on its business use case put in essential guards and checks for protecting the Hadoop nodes. The following 10 components should always serve as your discussion guide while implementing security architecture for Apache Hadoop.


Key components required in security architecture for Apache Hadoop:


1. Role based authorization:
- Ensure separation of duties
- Restrict functional access

2. Admin and Configuration:
- Role based administration
- Configurable node and cluster parameters

3. Authentication framework:
- Validate nodes
- Validate client applications
for access to the cluster and  MapReduce jobs

4. Audit Log:
- Log transactions
- Log activities

5. Alerts:
- Real-time alerting
- Constant monitoring

6. File encryption:
- Protect private information (SPI/BPI)
- Comply with regulatory norms

7. Key certificate Server:
- Central key management server to manage different keys for different files.

8. Network security:
- Ensure secure communications between nodes, applications and other interface

9. Resource slim: 
- Minimal consumption of network
- Minimal consumption of resources, threads, process

10. Universal:
- Hadoop agnostic – compatible across distributions
- Heterogeneous support – compatible across ecosystem



© hadoopsphere.com

Comments

Popular posts from this blog

Offloading legacy with Hadoop

With most Fortune 500 organizations having invested in mainframes and other workload systems in the past, the rise of Big Data platforms poses newer integration challenges. The data integration and ETL players are finding fresh opportunities to solve business and IT problems within the Hadoop ecosystem.
To understand the context, challenges and opportunities, we asked a few questions to Syncsort CEO Lonne Jaffe. Syncsort provides fast, secure, enterprise-grade software spanning Big Data in Apache Hadoop to Big Iron on mainframes. At Syncsort, Lonne Jaffe is focusing on accelerating the growth of the company's high-performance Big Data offerings, both organically and through acquisition.
From mainframes to Hadoop and other platforms, Syncsort seems to have been evolving itself continuously. Where do you see Syncsort heading further?Lonne Jaffe: Syncsort is extraordinary in its ability to continuously reinvent itself. Today, we’re innovating around Apache Hadoop and other Big Data pla…

Data deduplication tactics with HDFS and MapReduce

As the amount of data continues to grow exponentially, there has been increased focus on stored data reduction methods. Data compression, single instance store and data deduplication are among the common techniques employed for stored data reduction.
Deduplication often refers to elimination of redundant subfiles (also known as chunks, blocks, or extents). Unlike compression, data is not changed and eliminates storage capacity for identical data. Data deduplication offers significant advantage in terms of reduction in storage, network bandwidth and promises increased scalability.
From a simplistic use case perspective, we can see application in removing duplicates in Call Detail Record (CDR) for a Telecom carrier. Similarly, we may apply the technique to optimize on network traffic carrying the same data packets.
Some of the common methods for data deduplication in storage architecture include hashing, binary comparison and delta differencing. In this post, we focus on how MapReduce and…

Top Big Data Influencers of 2015

2015 was an exciting year for big data and hadoop ecosystem. We saw hadoop becoming an essential part of data management strategy of almost all major enterprise organizations. There is cut throat competition among IT vendors now to help realize the vision of data hub, data lake and data warehouse with Hadoop and Spark.
As part of its annual assessment of big data and hadoop ecosystem, HadoopSphere publishes a list of top big data influencers each year. The list is derived based on a scientific methodology which involves assessing various parameters in each category of influencers. HadoopSphere Top Big Data Influencers list reflects the people, products, organizations and portals that exercised the most influence on big data and ecosystem in a particular year. The influencers have been listed in the following categories:

AnalystsSocial MediaOnline MediaProductsTechiesCoachThought LeadersClick here to read the methodology used.

Analysts:Doug HenschenIt might have been hard to miss Doug…