Data
Reader small image

You're reading from  Securing Hadoop

Product typeBook
Published inNov 2013
Reading LevelIntermediate
PublisherPackt
ISBN-139781783285259
Edition1st Edition
Languages
Java
Tools
Hadoop
Concepts
Data Processing
Right arrow
Author (1)
Sudheesh Narayan
Sudheesh Narayan
author image
Sudheesh Narayan

Sudheesh Narayanan is a Technology Strategist and Big Data Practitioner with expertise in technology consulting and implementing Big Data solutions. With over 15 years of IT experience in Information Management, Business Intelligence, Big Data & Analytics, and Cloud & J2EE application development, he provided his expertise in architecting, designing, and developing Big Data products, Cloud management platforms, and highly scalable platform services. His expertise in Big Data includes Hadoop and its ecosystem components, NoSQL databases (MongoDB, Cassandra, and HBase), Text Analytics (GATE and OpenNLP), Machine Learning (Mahout, Weka, and R), and Complex Event Processing. Sudheesh is currently working with Genpact as the Assistant Vice President and Chief Architect – Big Data, with focus on driving innovation and building Intellectual Property assets, frameworks, and solutions. Prior to Genpact, he was the co-inventor and Chief Architect of the Infosys BigDataEdge product.
Read more about Sudheesh Narayan

Right arrow

Chapter 5. Integrating Hadoop with Enterprise Security Systems

In the previous chapter, we looked at how to establish Kerberos authentication for the Hadoop ecosystem components. Establishing the authentication is only the first step towards providing secured access to the Hadoop ecosystem. In this chapter, we will focus on centrally managing the authentication and authorization of the various Hadoop users, and address the various challenges for integrating the Enterprise Security Systems with a secured Hadoop cluster.

Once Hadoop users are centrally managed, there is a need for these users to directly access and work on the Hadoop cluster. However, Hadoop service daemons use multiple communication protocols to communicate with each other. This requires multiple unsecured ports to be opened between the cluster machines. This brings in a security concern for the organization deploying Hadoop. So, usually, Hadoop clusters are isolated in a separate network and user access is only provided through...

Integrating Enterprise Identity Management systems

Typically, organizations have a central user identity management system known as Enterprise Identity Management (EIM) system using products such as IBM Tivoli Identity Manager, Oracle Identity Manager, and Windows Active Directory. Enterprise user's access privileges are centrally managed in these systems. These systems manage the user credentials and their roles using groups. User authorization is managed using these security groups. Users are assigned to groups, where each group has a specific authorization and access privilege defined. The user inherits group privileges based on their group membership.

By default, Hadoop uses the logged in Operating System (OS) users and the corresponding user groups to provide the authorization within Hadoop. Hadoop daemons (NameNode, DataNode, and so on) and ecosystem components such as Oozie, Hive, HBase uses these group memberships to determine the level of authorization allowed for the user. By default...

Accessing a secured Hadoop cluster from an enterprise network

Typical deployment architecture of a secured Hadoop cluster in an enterprise context is shown in the following diagram:

The Corporate Network is firewalled with the Hadoop cluster and connectivity is only provided through the EdgeNodes (also also known as Gateway Servers). The Gateway Server allows an entry point for external applications, tools, and users to the secured Hadoop cluster. It is deployed between the Hadoop cluster and the corporate network. As all users log in to this machine and the credentials for the user defined in this machine are used while accessing the Hadoop cluster, this node can be used to provide access control, policy enforcement, logging, and gateway services to the Hadoop environment. Depending on the number of users accessing the Hadoop cluster, there could be more than one Gateway Server in a Hadoop cluster.

Clients in the corporate network can't directly access the Hadoop cluster. They log in...

Summary

In this chapter, we looked at the various challenges for integrating a secured Hadoop cluster with Enterprise systems. One of the main concerns for organizations adopting Big Data is its security. Having the ability to manage Hadoop users' identity and authorizations centrally using existing EIM systems clears the first hurdle in the Big Data adoption journey. In this chapter, we looked at the implementation details for integrating EIM systems with the Hadoop KDC and how seamlessly Enterprise existing security process can be easily extended to Hadoop. Another big concern for organizations is usually around network security. In this chapter, we detailed out the implementation approach to enforce perimeter security around the Hadoop cluster and how to provide end users with seamless access from corporate networks to the secured Hadoop cluster using HttpFS, HUE, and Knox Gateway Server.

In the next chapter, we look at another important security concern for Big Data adoption and that...

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 11 of 15
Next Chapter
You have been reading a chapter from
Securing Hadoop
Published in: Nov 2013Publisher: PacktISBN-13: 9781783285259
© 2013 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Sudheesh Narayan

Sudheesh Narayanan is a Technology Strategist and Big Data Practitioner with expertise in technology consulting and implementing Big Data solutions. With over 15 years of IT experience in Information Management, Business Intelligence, Big Data & Analytics, and Cloud & J2EE application development, he provided his expertise in architecting, designing, and developing Big Data products, Cloud management platforms, and highly scalable platform services. His expertise in Big Data includes Hadoop and its ecosystem components, NoSQL databases (MongoDB, Cassandra, and HBase), Text Analytics (GATE and OpenNLP), Machine Learning (Mahout, Weka, and R), and Complex Event Processing. Sudheesh is currently working with Genpact as the Assistant Vice President and Chief Architect – Big Data, with focus on driving innovation and building Intellectual Property assets, frameworks, and solutions. Prior to Genpact, he was the co-inventor and Chief Architect of the Infosys BigDataEdge product.
Read more about Sudheesh Narayan

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1
Generative AI with LangChain

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5
Mastering Tableau 2023

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5
Building AI Applications with ChatGPT APIs

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2
Data Engineering with AWS

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5
Modern Data Architecture on AWS

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5
Practical Guide to Applied Conformal Prediction in Python

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages
TinyML Cookbook

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages