Security Architecture for Apache Hadoop

Through the years, there has been a clamor and need expressed for robust Apache Hadoop security framework. Considering the massive amount of data that nodes hold, there is an increasing need to focus on security architecture for the cluster. Further, there is a sensitization around the regulatory and legal norms that enterprise firms need to follow.

hadoopsphere.com presents below a security architecture that can be adapted in your Apache Hadoop cluster. Tools may vary based on off-the-shelf utilities or custom in-house monitoring programs. It is essential that each firm depending on its business use case put in essential guards and checks for protecting the Hadoop nodes. The following 10 components should always serve as your discussion guide while implementing security architecture for Apache Hadoop.

Key components required in security architecture for Apache Hadoop:

1. Role based authorization:
- Ensure separation of duties
- Restrict functional access

2. Admin and Configuration:
- Role based administration
- Configurable node and cluster parameters

3. Authentication framework:
- Validate nodes
- Validate client applications
for access to the cluster and MapReduce jobs

4. Audit Log:
- Log transactions
- Log activities

5. Alerts:
- Real-time alerting
- Constant monitoring

6. File encryption:
- Protect private information (SPI/BPI)
- Comply with regulatory norms

7. Key certificate Server:
- Central key management server to manage different keys for different files.

8. Network security:
- Ensure secure communications between nodes, applications and other interface

9. Resource slim:
- Minimal consumption of network
- Minimal consumption of resources, threads, process

10. Universal:
- Hadoop agnostic – compatible across distributions
- Heterogeneous support – compatible across ecosystem

© hadoopsphere.com

Comments

5 online tools in data visualization playground

While building up an analytics dashboard, one of the major decision points is regarding the type of charts and graphs that would provide better insight into the data. To avoid a lot of re-work later, it makes sense to try the various chart options during the requirement and design phase. It is probably a well known myth that existing tool options in any product can serve all the user requirements with just minor configuration changes. We all know and realize that code needs to be written to serve each customer’s individual needs.
To that effect, here are 5 tools that could empower your technical and business teams to decide on visualization options during the requirement phase. Listed below are online tools for you to add data and use as playground.
1) Many Eyes: Many Eyes is a data visualization experiment by IBM Researchandthe IBM Cognos software group. This tool provides option to upload data sets and create visualizations including Scatter Plot, Tree Map, Tag/Word cloud and ge…

6 comments

Read more

Data deduplication tactics with HDFS and MapReduce

By Sachin Ghai February 12, 2013

As the amount of data continues to grow exponentially, there has been increased focus on stored data reduction methods. Data compression, single instance store and data deduplication are among the common techniques employed for stored data reduction.
Deduplication often refers to elimination of redundant subfiles (also known as chunks, blocks, or extents). Unlike compression, data is not changed and eliminates storage capacity for identical data. Data deduplication offers significant advantage in terms of reduction in storage, network bandwidth and promises increased scalability.
From a simplistic use case perspective, we can see application in removing duplicates in Call Detail Record (CDR) for a Telecom carrier. Similarly, we may apply the technique to optimize on network traffic carrying the same data packets.
Some of the common methods for data deduplication in storage architecture include hashing, binary comparison and delta differencing. In this post, we focus on how MapReduce and…

2 comments

Read more

Hadoop's 10 in LinkedIn's 10

By Sachin Ghai May 06, 2013

LinkedIn, the pioneering professional social network has turned 10 years old. One of the hallmarks of its journey has been its technical accomplishments and significant contribution to open source, particularly in the last few years. Hadoop occupies a central place in its technical environment powering some of the most used features of desktop and mobile app. As LinkedIn enters the second decade of its existence, here is a look at 10 major projects and products powered by Hadoop in its data ecosystem.
1) Voldemort: Arguably, the most famous export of LinkedIn engineering, Voldemort is a distributed key-value storage system. Named after an antagonist in Harry Potter series and influenced by Amazon’s Dynamo DB, the wizardry in this database extends to its self healing features. Available in HA configuration, its layered, pluggable architecture implementations are being used for both read and read-write use cases.
2) Azkaban: A batch job scheduling system with a friendly UI, Azkab…

Post a Comment

Read more

HadoopSphere

Search HadoopSphere