By Sudheesh Narayanan
Defense of huge facts is likely one of the largest matters for businesses this present day. How will we guard the delicate details in a Hadoop atmosphere? How do we combine Hadoop safety with current company protection structures? What are the demanding situations in securing Hadoop and its atmosphere? those are the questions which have to be spoke back with a view to verify powerful administration of massive facts. Hadoop, in addition to Kerberos, offers safety features which allow immense info administration and which hold info safe.
Read Online or Download Securing Hadoop PDF
Best enterprise applications books
Office 2016 All-In-One For Dummies
The short and straightforward strategy to get issues performed with workplace puzzled by way of PowerPoint? seeking to excel at Excel? From entry to observe and each program in among this all-encompassing consultant presents plain-English tips on getting to know the full Microsoft workplace suite. via easy-to-follow guideline, you'll quick wake up and working with Excel, notice, PowerPoint, Outlook, entry, writer, Charts and pictures, OneNote, and extra and make your paintings and residential lifestyles more straightforward, extra effective, and extra streamlined.
Emerging Topics and Technologies in Information Systems
At the present time, the data platforms (IS) self-discipline faces new demanding situations. rising applied sciences in addition to matured techniques for the social, technical, and developmental function of IS offer a brand new context for the evolution of the self-discipline over the following couple of years. rising subject matters and applied sciences in details structures communicates the demanding situations and possibilities that details platforms study is facing this day whereas selling state of the art study on how present IS help is developing the severe spine for the information society.
Exchange 2010 SP1 - A Practical Approach
Alternate Server 2010 provider Pack 1 is the newest incarnation of Microsoft's Messaging and Collaboration platform, and is has loads of new, compelling beneficial properties. it's the 7th significant model of the product, and it rolls out a few vital alterations and many small advancements. Even greater, loads of advanced concerns from past types have noticeable solved, or just got rid of, making the administrator's lifestyles a lot more uncomplicated!
Extra info for Securing Hadoop
Example text
To ensure that the authentication performed by NameNode is also enforced at DataNode, Hadoop implements the BAT. BAT is the token provided by NameNode to a Hadoop client to pass data access authentication information to DataNode. The Block Access Token implements a symmetric key encryption where both NameNode and DataNode share a common secret key. DataNode receives this secret key once it registers with NameNode and is regenerated periodically. Each of these secret keys is identified by keyID.
Each of these secret keys is identified by keyID. BAT is lightweight and contains expirationDate, keyID, ownerID, blockID, and accessModes. The access Mode defines the permission available to the user for the requested block ID. The BAT generated by NameNode is not renewable and needs to be fetched again once the token expires. BAT has a lifetime of 10 hours. Thus, BAT ensures that the data blocks in DataNode are secured, and only authorized users can access the data blocks. [ 21 ] Hadoop Security Design The following figure shows the various interactions in a secured Hadoop cluster: Client (user) NameNode (NN) KDC Authenticate (user) 1 2 1 Authenticate (HDFS) DataNode (DN) TaskTracker (TT) 1 1 Authenticate (HDFS) 3 1 Authenticate (MapRed) Register TT Register DN Request JT Service Ticket 4 Request read/write for file Child JVM (Map or Reduce) Initial Authentication Flows Authenticate (MapRed) Request TGT Request NN Service Ticket JobTracker (JT) Exchange Secret key between NN and DN 2 1 2 5 Data Read Flow from HDFS 6 Provide data for BlockID =+ Block Access Token Request BlockID with Block Access Token 7 Provid data for BlockID 8 Request NN Delegation Token 9 with JT as renewal MapReduceExecutionFlow Submit map reduce Code + Configurations + Delegation Token 10 Request Block Access Token 11 Create Job Token and Block Access Token 12 and store in HDFS Submit task for execution 13 Store Job Token and store in used directory 14 Start child JVM user id 15 Interactions in a secured Hadoop cluster The key steps in the overall Hadoop Kerberos operations are: • All Hadoop services authenticate themselves with KDC.
Local -p admin/admin The kinit command is used to authenticate the user with KDC. We can verify the administrator authentication using kinit to ensure that KDC is able to authenticate the users. COM Adding the user or service principals After the admin user setup is completed and the Kerberos daemons have started, then we can add the principals to the Kerberos database using the kadmin utility. COM Configuring LDAP as the Kerberos database Next we can add the principals to the Kerberos database using the kadmin utility.