Abstract:
As organizations start to roll out or migrate data driven applications to Apache Hadoop, there are times when they have conflicting needs to leverage their full co-mingled data sets in Hadoop
while providing isolation of sections of such co-mingled data to a specific customer. Serving multiple customers in this manner is a typical multi-tenant usecase and one that can be challenging in Apache Hadoop.
This presentation walks through a number of patterns that can be leveraged for providing isolation of tenants based on the composability of Apache Knox for:
* Authentication/Federation Providers
* KnoxSSO
* Identity Assertion
* Tenant specific topologies
With these patterns, Knox can provide an infrastructure for robust tenant isolation and access control for application UIs and REST APIs for your data landscape, when suitably coupled with a cluster that has carefully considered infrastructure including:
* Kerberos
* Tenant specific user accounts, OUs and Groups within LDAP
* Authorization Policy that is aware of the tenant specific groups,
Summary:
We will walk through some of the patterns that have been used to enable such a multi-tenant environment as well as the specific considerations for topology, access control and user accounts involved with creating such an environment.
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
An Approach for Multi-Tenancy Through Apache Knox
1. An Approach for Multi-
tenant Applications with
Apache Knox
Larry McCay
Architect and Manager for Security Infra -
Hortonworks
Sumit Gupta
Technical Lead for Knox - Hortonworks
April 5th 2017 – DataWorks Summit Munich