Publicité
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud
Built-In Security for the Cloud

Check these out next

From Insights to Value - Building a Modern Logical Data Lake to Drive User Ad...
From Insights to Value - Building a Modern Logical Data Lake to Drive User Ad...
DataWorks Summit
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
DataWorks Summit
Insights into Real-world Data Management Challenges
Insights into Real-world Data Management Challenges
DataWorks Summit
Accelerating Big Data Insights
Accelerating Big Data Insights
DataWorks Summit
HAWQ Meets Hive - Querying Unmanaged Data
HAWQ Meets Hive - Querying Unmanaged Data
DataWorks Summit
Big Data in the Cloud - The What, Why and How from the Experts
Big Data in the Cloud - The What, Why and How from the Experts
DataWorks Summit/Hadoop Summit
Startup Case Study: Leveraging the Broad Hadoop Ecosystem to Develop World-Fi...
Startup Case Study: Leveraging the Broad Hadoop Ecosystem to Develop World-Fi...
DataWorks Summit
Dancing elephants - efficiently working with object stores from Apache Spark ...
Dancing elephants - efficiently working with object stores from Apache Spark ...
DataWorks Summit
1 sur 26

Built-In Security for the Cloud

21 Sep 2017
Télécharger pour lire hors ligne
Technologie

Today enterprises desire to move more and more of their data lakes to the cloud to help them execute faster, increase productivity, drive innovation while leveraging the scale and flexibility of the cloud. However, such gains come with risks and challenges in the areas of data security, privacy, and governance. In this talk we cover how enterprises can overcome governance and security obstacles to leverage these new advances that the cloud can provide to ease the management of their data lakes in the cloud. We will also show how the enterprise can have consistent governance and security controls in the cloud for their ephemeral analytic workloads in a multi-cluster cloud environment without sacrificing any of the data security and privacy/compliance needs that their business context demands. Additionally, we will outline some use cases and patterns as well as best practices to rationally manage such a multi-cluster data lake infrastructure in the cloud. Speaker: Jeff Sposetti, Product Management, Hortonworks

DataWorks Summit
DataWorks Summit
Publicité
Publicité
Publicité

Recommandé

Treat your enterprise data lake indigestion: Enterprise ready security and go...Treat your enterprise data lake indigestion: Enterprise ready security and go...
Treat your enterprise data lake indigestion: Enterprise ready security and go...DataWorks Summit1.6K vues33 diapositives
Enabling Modern Application Architecture using Data.gov open government dataEnabling Modern Application Architecture using Data.gov open government data
Enabling Modern Application Architecture using Data.gov open government dataDataWorks Summit287 vues5 diapositives
Hybrid Data Platform Hybrid Data Platform
Hybrid Data Platform DataWorks Summit/Hadoop Summit2.2K vues12 diapositives
Leveraging docker for hadoop build automation and big data stack provisioningLeveraging docker for hadoop build automation and big data stack provisioning
Leveraging docker for hadoop build automation and big data stack provisioningEvans Ye852 vues63 diapositives
Realizing the Promise of Portable Data Processing with Apache BeamRealizing the Promise of Portable Data Processing with Apache Beam
Realizing the Promise of Portable Data Processing with Apache BeamDataWorks Summit857 vues61 diapositives
Cloudy with a chance of Hadoop - real world considerationsCloudy with a chance of Hadoop - real world considerations
Cloudy with a chance of Hadoop - real world considerationsDataWorks Summit575 vues28 diapositives

Contenu connexe

Présentations pour vous(20)

From Insights to Value - Building a Modern Logical Data Lake to Drive User Ad...From Insights to Value - Building a Modern Logical Data Lake to Drive User Ad...
From Insights to Value - Building a Modern Logical Data Lake to Drive User Ad...
DataWorks Summit367 vues
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
DataWorks Summit206 vues
Insights into Real-world Data Management ChallengesInsights into Real-world Data Management Challenges
Insights into Real-world Data Management Challenges
DataWorks Summit2.2K vues
Accelerating Big Data InsightsAccelerating Big Data Insights
Accelerating Big Data Insights
DataWorks Summit581 vues
HAWQ Meets Hive - Querying Unmanaged DataHAWQ Meets Hive - Querying Unmanaged Data
HAWQ Meets Hive - Querying Unmanaged Data
DataWorks Summit847 vues
Big Data in the Cloud - The What, Why and How from the ExpertsBig Data in the Cloud - The What, Why and How from the Experts
Big Data in the Cloud - The What, Why and How from the Experts
DataWorks Summit/Hadoop Summit891 vues
Startup Case Study: Leveraging the Broad Hadoop Ecosystem to Develop World-Fi...Startup Case Study: Leveraging the Broad Hadoop Ecosystem to Develop World-Fi...
Startup Case Study: Leveraging the Broad Hadoop Ecosystem to Develop World-Fi...
DataWorks Summit687 vues
Dancing elephants - efficiently working with object stores from Apache Spark ...Dancing elephants - efficiently working with object stores from Apache Spark ...
Dancing elephants - efficiently working with object stores from Apache Spark ...
DataWorks Summit764 vues
Accelerate Your Big Data Analytics Efforts with SAS and HadoopAccelerate Your Big Data Analytics Efforts with SAS and Hadoop
Accelerate Your Big Data Analytics Efforts with SAS and Hadoop
DataWorks Summit1.1K vues
Saving the elephant—now, not laterSaving the elephant—now, not later
Saving the elephant—now, not later
DataWorks Summit335 vues
Dynamic DDL: Adding structure to streaming IoT data on the flyDynamic DDL: Adding structure to streaming IoT data on the fly
Dynamic DDL: Adding structure to streaming IoT data on the fly
DataWorks Summit1.4K vues
GeoWave: Open Source Geospatial/Temporal/N-dimensional Indexing for Accumulo,...GeoWave: Open Source Geospatial/Temporal/N-dimensional Indexing for Accumulo,...
GeoWave: Open Source Geospatial/Temporal/N-dimensional Indexing for Accumulo,...
DataWorks Summit669 vues
Implementing Security on a Large Multi-Tenant Cluster the Right WayImplementing Security on a Large Multi-Tenant Cluster the Right Way
Implementing Security on a Large Multi-Tenant Cluster the Right Way
DataWorks Summit452 vues
LLAP: Sub-Second Analytical Queries in HiveLLAP: Sub-Second Analytical Queries in Hive
LLAP: Sub-Second Analytical Queries in Hive
DataWorks Summit/Hadoop Summit6.2K vues
A New "Sparkitecture" for modernizing your data warehouseA New "Sparkitecture" for modernizing your data warehouse
A New "Sparkitecture" for modernizing your data warehouse
DataWorks Summit/Hadoop Summit980 vues
How to Use Innovative Data Handling and Processing Techniques to Drive Alpha ...How to Use Innovative Data Handling and Processing Techniques to Drive Alpha ...
How to Use Innovative Data Handling and Processing Techniques to Drive Alpha ...
DataWorks Summit434 vues
Ravi Namboori 's Open stack framework introductionRavi Namboori 's Open stack framework introduction
Ravi Namboori 's Open stack framework introduction
Ravi namboori704 vues
Securing Data in Hadoop at UberSecuring Data in Hadoop at Uber
Securing Data in Hadoop at Uber
DataWorks Summit980 vues
Cloudy with a Chance of Hadoop - Real World ConsiderationsCloudy with a Chance of Hadoop - Real World Considerations
Cloudy with a Chance of Hadoop - Real World Considerations
DataWorks Summit/Hadoop Summit360 vues
Apache Ignite vs Alluxio: Memory Speed Big Data AnalyticsApache Ignite vs Alluxio: Memory Speed Big Data Analytics
Apache Ignite vs Alluxio: Memory Speed Big Data Analytics
DataWorks Summit7.8K vues

Similaire à Built-In Security for the Cloud(20)

Dancing Elephants - Efficiently Working with Object Stores from Apache Spark ...Dancing Elephants - Efficiently Working with Object Stores from Apache Spark ...
Dancing Elephants - Efficiently Working with Object Stores from Apache Spark ...
DataWorks Summit2.6K vues
Moving towards enterprise ready Hadoop clusters on the cloudMoving towards enterprise ready Hadoop clusters on the cloud
Moving towards enterprise ready Hadoop clusters on the cloud
DataWorks Summit/Hadoop Summit1.7K vues
Fortifying Multi-Cluster Hybrid Cloud Data Lakes using Apache KnoxFortifying Multi-Cluster Hybrid Cloud Data Lakes using Apache Knox
Fortifying Multi-Cluster Hybrid Cloud Data Lakes using Apache Knox
DataWorks Summit495 vues
Introduction to the Hadoop EcoSystemIntroduction to the Hadoop EcoSystem
Introduction to the Hadoop EcoSystem
Shivaji Dutta1.8K vues
Curb your insecurity with HDP - Tips for a Secure ClusterCurb your insecurity with HDP - Tips for a Secure Cluster
Curb your insecurity with HDP - Tips for a Secure Cluster
ahortonworks416 vues
Micro services vs hadoopMicro services vs hadoop
Micro services vs hadoop
Gergely Devenyi3.6K vues
Big data spain keynote nov 2016Big data spain keynote nov 2016
Big data spain keynote nov 2016
alanfgates718 vues
Enabling Apache Spark for Hybrid CloudEnabling Apache Spark for Hybrid Cloud
Enabling Apache Spark for Hybrid Cloud
Alluxio, Inc.95 vues
Realtime analytics + hadoop 2.0Realtime analytics + hadoop 2.0
Realtime analytics + hadoop 2.0
Rommel Garcia1.8K vues
Realtime Analytics in HadoopRealtime Analytics in Hadoop
Realtime Analytics in Hadoop
Rommel Garcia805 vues
Cloudbreak - Technical Deep DiveCloudbreak - Technical Deep Dive
Cloudbreak - Technical Deep Dive
DataWorks Summit/Hadoop Summit1.7K vues
The Enterprise and Connected Data, Trends in the Apache Hadoop Ecosystem by A...The Enterprise and Connected Data, Trends in the Apache Hadoop Ecosystem by A...
The Enterprise and Connected Data, Trends in the Apache Hadoop Ecosystem by A...
Big Data Spain495 vues
Hadoop Present - Open Enterprise HadoopHadoop Present - Open Enterprise Hadoop
Hadoop Present - Open Enterprise Hadoop
Yifeng Jiang4.3K vues
Cloudy with a chance of Hadoop - DataWorks Summit 2017 San JoseCloudy with a chance of Hadoop - DataWorks Summit 2017 San Jose
Cloudy with a chance of Hadoop - DataWorks Summit 2017 San Jose
Mingliang Liu291 vues
Improvements in Hadoop SecurityImprovements in Hadoop Security
Improvements in Hadoop Security
DataWorks Summit4.2K vues
Hortonworks - What's Possible with a Modern Data Architecture?Hortonworks - What's Possible with a Modern Data Architecture?
Hortonworks - What's Possible with a Modern Data Architecture?
Hortonworks2.6K vues
Cloud Austin Meetup - Hadoop like a championCloud Austin Meetup - Hadoop like a champion
Cloud Austin Meetup - Hadoop like a champion
Ameet Paranjape650 vues
Open-BDA Hadoop Summit 2014 - Mr. Slim Baltagi (Building a Modern Data Archit...Open-BDA Hadoop Summit 2014 - Mr. Slim Baltagi (Building a Modern Data Archit...
Open-BDA Hadoop Summit 2014 - Mr. Slim Baltagi (Building a Modern Data Archit...
Innovative Management Services 1.3K vues
Hadoop securityHadoop security
Hadoop security
Shivaji Dutta5.3K vues
Rescue your Big Data from Downtime with HP Operations Bridge and Apache HadoopRescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
Rescue your Big Data from Downtime with HP Operations Bridge and Apache Hadoop
Hortonworks3K vues
Publicité

Plus de DataWorks Summit(20)

Data Science Crash CourseData Science Crash Course
Data Science Crash Course
DataWorks Summit19.2K vues
Floating on a RAFT: HBase Durability with Apache RatisFloating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache Ratis
DataWorks Summit2.8K vues
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiTracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
DataWorks Summit2K vues
HBase Tales From the Trenches - Short stories about most common HBase operati...HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...
DataWorks Summit1.8K vues
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
DataWorks Summit1.5K vues
Managing the Dewey Decimal SystemManaging the Dewey Decimal System
Managing the Dewey Decimal System
DataWorks Summit997 vues
Practical NoSQL: Accumulo's dirlist ExamplePractical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist Example
DataWorks Summit831 vues
HBase Global Indexing to support large-scale data ingestion at UberHBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at Uber
DataWorks Summit908 vues
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixScaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
DataWorks Summit712 vues
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
DataWorks Summit1.2K vues
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability Improvements
DataWorks Summit1.8K vues
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant Architecture
DataWorks Summit1.1K vues
Presto: Optimizing Performance of SQL-on-Anything EnginePresto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything Engine
DataWorks Summit1.8K vues
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
DataWorks Summit3.1K vues
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
DataWorks Summit1K vues
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
DataWorks Summit3.9K vues
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerSecuring Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
DataWorks Summit871 vues
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
DataWorks Summit752 vues
Computer Vision: Coming to a Store Near YouComputer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near You
DataWorks Summit213 vues
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkBig Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
DataWorks Summit609 vues

Dernier(20)

re:Invent ARC307 - Serverless architectural patterns and best practices.pdfre:Invent ARC307 - Serverless architectural patterns and best practices.pdf
re:Invent ARC307 - Serverless architectural patterns and best practices.pdf
Heitor Lessa0 vue
5 key ideas for robust and flexible REST API integrations with Apex, Lucian M...5 key ideas for robust and flexible REST API integrations with Apex, Lucian M...
5 key ideas for robust and flexible REST API integrations with Apex, Lucian M...
CzechDreamin0 vue
social_engineering.pptxsocial_engineering.pptx
social_engineering.pptx
alexadejumo0 vue
Extended DNS ErrorsExtended DNS Errors
Extended DNS Errors
Andreas Taudte0 vue
BILL PAYMENT KIOSKBILL PAYMENT KIOSK
BILL PAYMENT KIOSK
PanashiFZCO10 vue
AWS Community Day Ireland - Building roads and bridges in the last decade of ...AWS Community Day Ireland - Building roads and bridges in the last decade of ...
AWS Community Day Ireland - Building roads and bridges in the last decade of ...
Heitor Lessa0 vue
Chapter_1_.pptxChapter_1_.pptx
Chapter_1_.pptx
javairiaimran10 vue
17-multimediainformationandmedia-171027022657-converted.pptx17-multimediainformationandmedia-171027022657-converted.pptx
17-multimediainformationandmedia-171027022657-converted.pptx
Lyka Gumatay0 vue
Restriction Rules – The Whole Picture, Louise LockieRestriction Rules – The Whole Picture, Louise Lockie
Restriction Rules – The Whole Picture, Louise Lockie
CzechDreamin0 vue
Exploring the Capabilities of ChatGPT.docxExploring the Capabilities of ChatGPT.docx
Exploring the Capabilities of ChatGPT.docx
DlgSfz0 vue
re:Invent OPN306 AWS Lambda Powertools Lessons 10M downloads.pdfre:Invent OPN306 AWS Lambda Powertools Lessons 10M downloads.pdf
re:Invent OPN306 AWS Lambda Powertools Lessons 10M downloads.pdf
Heitor Lessa0 vue
Report & Dashboard REST API : Get your report accessible anywhere !, Romain Q...Report & Dashboard REST API : Get your report accessible anywhere !, Romain Q...
Report & Dashboard REST API : Get your report accessible anywhere !, Romain Q...
CzechDreamin0 vue
Common network attacks To prevent FromCommon network attacks To prevent From
Common network attacks To prevent From
deorwine infotech0 vue
9-current-andfuture-trendsofmediaandinformation-170830071432-converted.pptx9-current-andfuture-trendsofmediaandinformation-170830071432-converted.pptx
9-current-andfuture-trendsofmediaandinformation-170830071432-converted.pptx
Lyka Gumatay0 vue
AWS Lambda Powertools walkthrough.pdfAWS Lambda Powertools walkthrough.pdf
AWS Lambda Powertools walkthrough.pdf
Heitor Lessa0 vue
HAVOC-Workshop-Slides.pptxHAVOC-Workshop-Slides.pptx
HAVOC-Workshop-Slides.pptx
seed4mexyz0 vue
Bring the Modern and Seamless User Experience You Deserve to HCL NomadBring the Modern and Seamless User Experience You Deserve to HCL Nomad
Bring the Modern and Seamless User Experience You Deserve to HCL Nomad
panagenda0 vue
Storybook, the best friend we all needStorybook, the best friend we all need
Storybook, the best friend we all need
AnnaSala220 vue
DNS Security StrategyDNS Security Strategy
DNS Security Strategy
Andreas Taudte0 vue
HA and DR Architecture for HANA on Power Deck - 2022-Nov-21.PPTXHA and DR Architecture for HANA on Power Deck - 2022-Nov-21.PPTX
HA and DR Architecture for HANA on Power Deck - 2022-Nov-21.PPTX
ThinL3899170 vue
Publicité

Built-In Security for the Cloud

  1. 1 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Built-in Security For The Cloud DataWorks Summit Sydney September 2017
  2. 2 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Presenters Jeff Sposetti Senior Director of Product Management, Cloud Hortonworks Data Cloud, Cloudbreak
  3. 3 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Agenda  Introduction  Quick Demo  Security Building Blocks: Apache Ranger and Knox  Bringing It Together: Cloud and Data Lake Security  Longer Demo  Wrap Up  Q & A
  4. 4 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Background: Ephemeral Workloads + Cloud Storage  Cloud is driving more ephemeral data processing use cases  Cloud requires a robust integration with cloud storage CLOUD STORAGE S3 ADLS WASB WORKLOAD CLUSTERS Durable Ephemeral
  5. 5 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Background: Hortonworks Data Cloud for AWS  Focuses on business agility, rather than infinite configurability and cluster management  Addresses prescriptive, ephemeral use cases around Apache Spark + Apache Hive  Pre-tuned and configured for use with Amazon S3 Learn more: http://hortonworks.com/products/cloud/aws/
  6. 6 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Quick demo…
  7. 7 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Security Building Blocks: Apache Ranger and Knox
  8. 8 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Protecting the Elephant in the Castle….. Kerberos, Wire Encryption HDFS Encryption Apache Ranger Network Segmentation, Firewalls LDAP/AD Apache Knox
  9. 9 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Apache Knox Proxying Services ★ Provide access to Hadoop via proxying of HTTP resources ★ Ecosystem APIs and UIs + Hadoop oriented dispatching for Kerberos + doAs (impersonation) etc. Authentication Services ★ REST API access, WebSSO flow for UIs ★ LDAP/AD, Header based PreAuth ★ Kerberos, SAML, OAuth Client DSL/SDK Services ★ Scripting through DSL ★ Using Knox Shell classes directly as SDK
  10. 10 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Apache Ranger Comprehensive and Extensible Security Model • Centralized platform to define, administer and manage security policies across Hadoop components (HDFS, Hive, HBase, YARN, Kafka, Solr, Storm, Knox, NiFi, Atlas) • Extensible Architecture with ability to add custom policy conditions, user context enrichers Fine-Grained Authorization • For data access control for Database, Table, Column, LDAP Groups & Specific Users Centralized Auditing • Central audit location for all access requests • Support multiple destination sources (HDFS, Solr, etc.) • Real-time visual query interface Advanced Security • Dynamic Security Policies: Prohibition, Time, Location and Tag (Atlas) • Dynamic Column Masking & Row Filtering OPERATIONS SECURITY GOVERNANCE STORAGE STORAGE Machine Learning Batch StreamingInteractive Search SECURITY
  11. 11 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Bringing It Together: Cloud and Data Lake Services
  12. 12 © Hortonworks Inc. 2011 – 2017. All Rights Reserved CLOUD DATA LAKE SECURITY
  13. 13 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Key Components for Enterprise Security SCHEMA POLICY AUDIT DIRECTORY WHAT Provides Hive schema (tables, views, etc). WHY If you have 2+ workloads accessing the same data, need to share schema across those workloads. HOW Externalize Hive Metastore into for schema definition. WHAT Defines security policies around Hive schema. WHY If you have 2+ users accessing the same data, need policies to be consistently available and enforced. HOW Externalize and share Ranger across workloads and store policies external. WHAT Audit user access. WHY Capture data access activity. HOW Externalize and share Ranger across workloads, leverage cloud storage for audit data. GATEWAY WHAT Provide single endpoint that can be protected with SSL and enabled for authentication to access to cluster resources. WHY Avoid opening many ports, some potentially w/o authentication or SSL protection. HOW Deploy a centralized protected gateway automatically. WHAT Users and groups. WHY Provide authentication source for users and authorization source for groups. HOW Leverage external LDAP or Active Directory.
  14. 14 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ephemeral Workloads: With Enterprise Security Ephemeral Enterprise Security Tuned and Optimized Infrastructure Simplified, Automated Operations S3 Integration Protected Network Access Schema Shared (Hive Metastore) Shared (Hive Metastore) Authentication Single-user Multi-User (LDAP/AD) Authorization - Security Policies (Ranger) Audit - Audit (Ranger)
  15. 15 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ephemeral Workloads + Cloud Storage + Shared “Data Lake” Services CLOUD STORAGE S3 ADLS WASB WORKLOAD CLUSTERS Durable Ephemeral SHARED DATA LAKE SERVICES Metastore SCHEMA Long Running Define your data schema and security policies once for your ephemeral and always-on workloads Ranger POLICY Security access to workload clusters via a Protected Gateway enabled for AuthN and HTTPS.
  16. 16 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Shared Schema: Hive Metastore  Register external “Amazon RDS” instances to use with Hive Metastore  Preserve Hive schema across multiple ephemeral clusters
  17. 17 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Protected Network Access: Knox
  18. 18 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Shared Security Policies: Ranger  Create a set of “Shared Data Lake Services”  Preserve Ranger Security Policies across multiple ephemeral clusters
  19. 19 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Deployment Architecture Access your cluster components through the protected gateway via SSL on port 443 open on the controller security group. CONTROLLER PROTECTED GATEWAY USER ACCESS Zeppelin HIVE LLAP / SPARK WORKLOADS Hive LLAP SHARED DATA LAKE SERVICES Ranger POLICY (RDS) AUDIT (S3) SCHEMA (RDS) DIRECTORY (LDAP/AD) Spark Hive Metastore
  20. 20 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Hortonworks Data Cloud + Shared Data Lake Services 1 2 3 Register an Authentication Source (i.e. LDAP/AD). Create a “Shared Data Lake”, specify S3 Bucket & RDS. When you create a cluster, ”attach” to the Shared Data Lake Services: • for Multi-User AuthN (LDAP/AD) • for AuthZ + Audit (Ranger) • for Schema (Hive Metastore) PREREQUISITES • LDAP/AD • S3 Bucket • RDS Instance
  21. 21 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Longer demo…
  22. 22 © Hortonworks Inc. 2011 – 2017. All Rights Reserved General Guidelines  Think Ephemeral. All of your data and metadata in S3 and RDS respectively, do not create tables or files in the local HDFS.  The Hive warehouse is setup to be on S3 for data lakes, create tables in this location instead of individual S3 buckets, it will make them easier to manage.  Use Hive “external tables” for tables that are outside this warehouse, typically if the data is being ingested through some path outside of Hadoop  Create S3 bucket policies that exactly match usage so that you can spin up clusters with the least privilege.
  23. 23 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Wrap Up
  24. 24 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Takeaways  Cloud driving more ephemeral data processing use cases  Ephemeral workloads leverage cloud storage  This pattern is driving an architectural approach for “Shared Data Lake Services”  Building blocks are Apache Ranger and Apache Knox Resource Link Hortonworks Data Cloud https://hortonworks.com/products/cloud/aws/ Apache Ranger https://hortonworks.com/apache/ranger/ Apache Knox https://hortonworks.com/apache/knox-gateway/
  25. 25 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Learn More Enterprise ready security and governance for Hadoop ecosystem Breakout Session Thursday, September 21 @ 3:10p https://dataworkssummit.com/sydney- 2017/sessions/treat-your-enterprise-data-lake- indigestion-enterprise-ready-security-and-governance- for-hadoop-ecosystem Security, Governance and Cybersecurity Bird of a Feather Thursday, September 21 @ 6:00p https://dataworkssummit.com/sydney-2017/birds-of-a- feather/security-governance-cybersecurity/
  26. 26 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Thank You https://hortonworks.com/products/cloud/aws/ https://hortonworks.com/apache/ranger/ https://hortonworks.com/apache/atlas/
Publicité