The Shared Elephant
A Shared Central Big Data Repository
This white paper talks about the design considerations for enterprises to run Hadoop as a shared service for multiple departments.

www.impetus.com
Introduction
Running an Enterprise Big Data repository requires significant investment in
resources. A dedicated cluster for each department is cost-prohibitive, leading
to the creation of Big Data silos and underutilization of cluster resources.
Enterprises that run Hadoop at scale should allow Hadoop clusters to be
shared by different business units. They must also support multiple use cases
as well as a checkin/checkout model for an analytic block of works. We cover
some design considerations for identity management, security, resource
sharing and monitoring that are essential to build a secure, robust, highly
available and shared central Big Data repository.

Learn about the considerations for Enterprises to use Hadoop as a shared
service for multiple applications and business units. Read about Identity,
Security, Resource Sharing, Monitoring and Operations on the Central Service.

Identity
Security is of paramount concern in a shared, multi-tenant environment. Early
versions of Hadoop had rudimentary security features, essentially relying on a
fair use policy in a trusted environment. Recent versions of Hadoop have
added significant identity management features. Let us explore a couple of
these in detail.
Kerberos
Kerberos provides authentication and authorization services. The Kerberos
mechanism provides stronger authentication in a more secure fashion than
what was available in earlier versions of Hadoop. All clients have to
authenticate with a central Kerberos service. Kerberos provides
role-based access control and privilege enforcement.
Kerberos enforces authentication of data node daemons with the parent
services (name node and job tracker). Authentication prevents rogue data
nodes from connecting to the parent services and compromising the data
stored in the cluster. (Refer to the figure below that demonstrates how Hadoop
Kerberos Authentication works.)

[Figure: Hadoop Kerberos Authentication. Labels: Kerberos Key Distribution Center (Authentication Service); Request Session Ticket; Session Ticket & Session Key; Hadoop Cluster with Parent Services (Name Node, Job Tracker), HDFS Layer and M/R Layer; Tenant 1, Tenant 2 and Tenant 3, each with Data Node, Task Tracker and HDFS Data.]

Lightweight Directory Access Protocol (LDAP) Integration
LDAP can be used to create user accounts in all of the data nodes. This
provides fine-grained access control policies and prevents privilege escalation
attacks.

Security
Hadoop has several security features as listed below:
• Running data node daemons on privileged ports.
• Running tasks as the job owner instead of the task tracker daemon user.
This prevents other users from changing the job and also viewing the local
task data.
• Preventing users other than the job owner from looking at map outputs.
• Restricting a task to only communicate with its parent task tracker to prevent
rogue users from inspecting map input data.
Data Security
Hadoop does not natively integrate with data-at-rest encryption solutions.
However, the Intel distribution of Hadoop provides fast encryption using Intel
hardware enhancements. Hadoop 2.0 provides SSL transport between
Hadoop daemons and during the shuffle phase.
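
A check for the controls listed above (Kerberos authentication, data nodes on privileged ports, SSL during the shuffle), as an added example that is not part of the white paper. The property names are the standard Hadoop 2 configuration keys, which the paper itself does not name; both XML samples are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: merged core-site.xml / hdfs-site.xml / mapred-site.xml
# properties for a hypothetical cluster left close to its defaults.
WEAK_SITE_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>simple</value></property>
  <property><name>hadoop.security.authorization</name><value>false</value></property>
  <property><name>dfs.datanode.address</name><value>0.0.0.0:50010</value></property>
</configuration>"""

# Constructed sample: the same hypothetical cluster with the controls enabled.
HARDENED_SITE_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>dfs.datanode.address</name><value>0.0.0.0:1004</value></property>
  <property><name>dfs.datanode.http.address</name><value>0.0.0.0:1006</value></property>
  <property><name>mapreduce.shuffle.ssl.enabled</name><value>true</value></property>
</configuration>"""


def load_props(xml_text):
    """Return {name: value} from a Hadoop <configuration> document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name"): (p.findtext("value") or "").strip()
            for p in root.iter("property")}


def port_of(address):
    """Port number from 'host:port', or None when it cannot be parsed."""
    try:
        return int(address.rsplit(":", 1)[1])
    except (IndexError, ValueError):
        return None


def audit_security(xml_text):
    """Return (property, problem) pairs for controls that are off or unset."""
    props = load_props(xml_text)
    findings = []

    # Unset means Hadoop's default, which is "simple" (no Kerberos).
    if props.get("hadoop.security.authentication", "simple").lower() != "kerberos":
        findings.append(("hadoop.security.authentication",
                         "clients and daemons are not authenticated via Kerberos"))

    # Service-level authorization is off unless explicitly enabled.
    if props.get("hadoop.security.authorization", "false").lower() != "true":
        findings.append(("hadoop.security.authorization",
                         "service-level authorization is disabled"))

    # Only root can bind ports below 1024, so a tenant process on the same
    # host cannot pose as the data node on these addresses.
    for key in ("dfs.datanode.address", "dfs.datanode.http.address"):
        port = port_of(props.get(key, ""))
        if not (port and port < 1024):
            findings.append((key, "data node is not on a privileged port"))

    # Map outputs cross the network in clear text unless shuffle SSL is on.
    if props.get("mapreduce.shuffle.ssl.enabled", "false").lower() != "true":
        findings.append(("mapreduce.shuffle.ssl.enabled",
                         "shuffle traffic is not encrypted"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_SITE_XML), ("hardened", HARDENED_SITE_XML)):
        print(label)
        for prop, problem in audit_security(xml_text) or [("-", "no findings")]:
            print(f"  {prop}: {problem}")
```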

Sharing Resources
Allocating shared resources to different users and groups in a fair and efficient
manner poses some unique challenges in Hadoop. Hadoop does not provide
policies and SLAs that are typical of shared systems. Hadoop presents the
storage layer (HDFS) as a single shared resource but the computational layer
(MapReduce) requires some fine-tuning for optimal results. Nevertheless, here
are some recommendations on running a user-friendly shared Hadoop cluster.
Resource Usage Limits
• HDFS Quotas: HDFS provides name quotas and file quotas. Both are very
useful to enforce sensible limits on HDFS usage. Designing a sensible shared
directory structure is important, since quotas are set at either file or directory
level. It is a good practice to have a common directory that is shared across
groups and separate quota-limited directories for each group in a shared
cluster.
• Task Slots: Task slots are configured on a per node basis. They take into
account the total capacity of the cluster. Individual jobs are then monitored to
determine the number of mappers. A multiple of the number of map slots is
the recommended practice.

Scheduling
Hadoop provides different schedulers as plug-ins. That said, not all schedulers
are created equal. The FIFO scheduler should not be used as it can lead to
significant resource underutilization and job starving. The fair scheduler is a
good option for a dedicated cluster but may lead to resource contention in a
shared environment. The capacity scheduler is the optimal choice for a shared
cluster. The capacity scheduler provides multi-tenancy controls that prevent a
user or a group of users from overwhelming the cluster.
It also provides capacity guarantees through soft limits and enforceable hard
limits. The capacity scheduler additionally improves security by providing
ACLs for job queues.
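
An audit of capacity scheduler queues for the multi-tenancy controls described above, as an added example that is not part of the white paper. It assumes the YARN (Hadoop 2) property names, reads the queue capacity as the soft limit and maximum-capacity as the hard limit, and uses hypothetical queue and group names in constructed XML.

```python
import xml.etree.ElementTree as ET

PREFIX = "yarn.scheduler.capacity."

# Constructed sample: three hypothetical tenant queues with guaranteed
# capacities only. No hard limits, no ACLs, ACL enforcement left off.
WEAK_SCHEDULER_XML = """<configuration>
  <property><name>yarn.scheduler.capacity.root.queues</name><value>finance,marketing,research</value></property>
  <property><name>yarn.scheduler.capacity.root.finance.capacity</name><value>50</value></property>
  <property><name>yarn.scheduler.capacity.root.marketing.capacity</name><value>30</value></property>
  <property><name>yarn.scheduler.capacity.root.research.capacity</name><value>20</value></property>
</configuration>"""

# Constructed sample: same queues with hard limits and per-queue ACLs.
# ACL format is "users groups"; a single space means nobody.
HARDENED_SCHEDULER_XML = """<configuration>
  <property><name>yarn.acl.enable</name><value>true</value></property>
  <property><name>yarn.scheduler.capacity.root.acl_submit_applications</name><value> </value></property>
  <property><name>yarn.scheduler.capacity.root.queues</name><value>finance,marketing,research</value></property>
  <property><name>yarn.scheduler.capacity.root.finance.capacity</name><value>50</value></property>
  <property><name>yarn.scheduler.capacity.root.finance.maximum-capacity</name><value>70</value></property>
  <property><name>yarn.scheduler.capacity.root.finance.acl_submit_applications</name><value> finance-analysts</value></property>
  <property><name>yarn.scheduler.capacity.root.marketing.capacity</name><value>30</value></property>
  <property><name>yarn.scheduler.capacity.root.marketing.maximum-capacity</name><value>50</value></property>
  <property><name>yarn.scheduler.capacity.root.marketing.acl_submit_applications</name><value> marketing-analysts</value></property>
  <property><name>yarn.scheduler.capacity.root.research.capacity</name><value>20</value></property>
  <property><name>yarn.scheduler.capacity.root.research.maximum-capacity</name><value>40</value></property>
  <property><name>yarn.scheduler.capacity.root.research.acl_submit_applications</name><value> research-analysts</value></property>
</configuration>"""


def load_props(xml_text):
    """Return {name: value}; values are not stripped because ' ' is a valid ACL."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name"): p.findtext("value") or ""
            for p in root.iter("property")}


def audit_queues(xml_text):
    """Return (scope, issue) pairs for missing multi-tenancy controls."""
    props = load_props(xml_text)
    findings = []

    # Queue ACLs are ignored unless ACL enforcement is switched on.
    if props.get("yarn.acl.enable", "false").strip().lower() != "true":
        findings.append(("cluster", "acls-not-enforced"))

    # Access granted on a parent queue also applies to its children, and the
    # root ACL defaults to "*", so child ACLs only bite once root is closed.
    if "*" in props.get(PREFIX + "root.acl_submit_applications", "*"):
        findings.append(("root", "open-submit-acl"))

    names = [q.strip() for q in props.get(PREFIX + "root.queues", "").split(",")
             if q.strip()]
    total = 0.0
    for name in names:
        base = f"{PREFIX}root.{name}."
        capacity = float(props.get(base + "capacity", "0"))
        total += capacity

        # Unset or -1 means the queue may grow to the whole cluster.
        max_capacity = float(props.get(base + "maximum-capacity", "-1"))
        if max_capacity < 0 or max_capacity >= 100:
            findings.append((f"root.{name}", "no-hard-limit"))
        elif max_capacity < capacity:
            findings.append((f"root.{name}", "hard-limit-below-guarantee"))

        acl = props.get(base + "acl_submit_applications")
        if acl is None or "*" in acl:
            findings.append((f"root.{name}", "open-submit-acl"))

    # Sibling guarantees must add up to 100 percent of the parent.
    if names and abs(total - 100.0) > 1e-6:
        findings.append(("root", "capacity-sum"))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_SCHEDULER_XML),
                            ("hardened", HARDENED_SCHEDULER_XML)):
        print(label, audit_queues(xml_text))
```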

Monitoring
Hadoop provides good monitoring options. We recommend using Ganglia or
similar monitoring for production clusters. JMX monitoring should also be
enabled. Recent versions of Hadoop ship with the more flexible metrics2
framework for metrics collection. Using metrics2 in the Ganglia context
provides valuable insight into cluster usage. Oozie workflows also enable
SLA tracking, which is important for a shared cluster.

Operations
We have discussed several operational considerations such as security,
optimal resource sharing and monitoring. In addition to these, the operations
team needs to build a proactive ‘service’ approach that addresses the full
range of service components present in a Hadoop environment. Each of these
components is a potential point of failure. Operations needs to shift from
passive monitoring to actively meeting SLAs in a new distributed environment.
This shift in focus necessitates a new organizational culture in addition to
operational excellence.
Operational Excellence
Operational excellence for a shared cluster is not just about cluster health and
uptime. Service metrics such as job completion rate, resource sharing and
meeting SLAs are also significant. It is important to operationalize the aspects
of identity, security, resource sharing and monitoring discussed above.
To accomplish these, Hadoop operations need to perform regular audits, fire
drills and ensure well documented processes and procedures. A runbook-based
troubleshooting guide and well formulated support levels (Level 1, Level 2, and
Level 3) with an easy escalation procedure are also required. If SLAs mandate
limited service interruption, then the runbooks should have maximum resolution
times and mandatory escalation based on severity and time-sensitive resolution.
Operational excellence is a function of all of the above.

Summary
Design considerations for multi-tenant, multi-use Hadoop clusters are:
• Design for security as part of the initial cluster planning.
• Implement user-friendly resource sharing while meeting SLAs.
• Use the Capacity Scheduler.
• Monitor service metrics in addition to cluster metrics.
• Institutionalize operational excellence through streamlined procedures and
by cultivating a service mindset.
As Hadoop becomes more mainstream and indispensable to enterprises, it is
imperative that they build, operate and scale shared Hadoop clusters. The
design considerations discussed in this paper will help enterprises
accomplish the essential mission of running multi-tenant, multi-use Hadoop
clusters at scale.

About Impetus
Impetus Technologies is a leading provider of Big Data solutions for the
Fortune 500®. We help customers effectively manage the “3-Vs” of Big Data
and create new business insights across their enterprises.

Visit http://bigdata.impetus.com or write to us at bigdata@impetus.com

© 2013 Impetus Technologies, Inc. All rights reserved. Product and
company names mentioned herein may be trademarks of their
respective companies.
Oct 2013 #52991

Contenu connexe

Tendances

Light-weighted HDFS disaster recovery
Light-weighted HDFS disaster recoveryLight-weighted HDFS disaster recovery
Light-weighted HDFS disaster recovery
DataWorks Summit
 
Migrating Analytics to the Cloud at Fannie Mae
Migrating Analytics to the Cloud at Fannie MaeMigrating Analytics to the Cloud at Fannie Mae
Migrating Analytics to the Cloud at Fannie Mae
DataWorks Summit
 
Hadoop first ETL on Apache Falcon
Hadoop first ETL on Apache FalconHadoop first ETL on Apache Falcon
Hadoop first ETL on Apache Falcon
DataWorks Summit
 

Tendances (20)

The Time Has Come for Big-Data-as-a-Service
The Time Has Come for Big-Data-as-a-ServiceThe Time Has Come for Big-Data-as-a-Service
The Time Has Come for Big-Data-as-a-Service
 
Is your Enterprise Data lake Metadata Driven AND Secure?
Is your Enterprise Data lake Metadata Driven AND Secure?Is your Enterprise Data lake Metadata Driven AND Secure?
Is your Enterprise Data lake Metadata Driven AND Secure?
 
hadoop exp
hadoop exphadoop exp
hadoop exp
 
Hadoop Virtualization - Intel White Paper
Hadoop Virtualization - Intel White PaperHadoop Virtualization - Intel White Paper
Hadoop Virtualization - Intel White Paper
 
Advanced Security In Hadoop Cluster
Advanced Security In Hadoop ClusterAdvanced Security In Hadoop Cluster
Advanced Security In Hadoop Cluster
 
Light-weighted HDFS disaster recovery
Light-weighted HDFS disaster recoveryLight-weighted HDFS disaster recovery
Light-weighted HDFS disaster recovery
 
Scheduling Policies in YARN
Scheduling Policies in YARNScheduling Policies in YARN
Scheduling Policies in YARN
 
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by ClouderaBig Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
Big Data Warehousing Meetup: Securing the Hadoop Ecosystem by Cloudera
 
Migrating Analytics to the Cloud at Fannie Mae
Migrating Analytics to the Cloud at Fannie MaeMigrating Analytics to the Cloud at Fannie Mae
Migrating Analytics to the Cloud at Fannie Mae
 
Apache Eagle: Secure Hadoop in Real Time
Apache Eagle: Secure Hadoop in Real TimeApache Eagle: Secure Hadoop in Real Time
Apache Eagle: Secure Hadoop in Real Time
 
Big Data Simplified - Is all about Ab'strakSHeN
Big Data Simplified - Is all about Ab'strakSHeNBig Data Simplified - Is all about Ab'strakSHeN
Big Data Simplified - Is all about Ab'strakSHeN
 
Apache Ranger Hive Metastore Security
Apache Ranger Hive Metastore Security Apache Ranger Hive Metastore Security
Apache Ranger Hive Metastore Security
 
The DAP - Where YARN, HBase, Kafka and Spark go to Production
The DAP - Where YARN, HBase, Kafka and Spark go to ProductionThe DAP - Where YARN, HBase, Kafka and Spark go to Production
The DAP - Where YARN, HBase, Kafka and Spark go to Production
 
The hadoop ecosystem table
The hadoop ecosystem tableThe hadoop ecosystem table
The hadoop ecosystem table
 
Best Practices for Deploying Hadoop (BigInsights) in the Cloud
Best Practices for Deploying Hadoop (BigInsights) in the CloudBest Practices for Deploying Hadoop (BigInsights) in the Cloud
Best Practices for Deploying Hadoop (BigInsights) in the Cloud
 
Apache Falcon : 22 Sept 2014 for Hadoop User Group France (@Criteo)
Apache Falcon : 22 Sept 2014 for Hadoop User Group France (@Criteo)Apache Falcon : 22 Sept 2014 for Hadoop User Group France (@Criteo)
Apache Falcon : 22 Sept 2014 for Hadoop User Group France (@Criteo)
 
Pivotal: Hadoop for Powerful Processing of Unstructured Data for Valuable Ins...
Pivotal: Hadoop for Powerful Processing of Unstructured Data for Valuable Ins...Pivotal: Hadoop for Powerful Processing of Unstructured Data for Valuable Ins...
Pivotal: Hadoop for Powerful Processing of Unstructured Data for Valuable Ins...
 
Hadoop first ETL on Apache Falcon
Hadoop first ETL on Apache FalconHadoop first ETL on Apache Falcon
Hadoop first ETL on Apache Falcon
 
Solution Brief: Big Data Lab Accelerator
Solution Brief: Big Data Lab AcceleratorSolution Brief: Big Data Lab Accelerator
Solution Brief: Big Data Lab Accelerator
 
What's new in apache hive
What's new in apache hive What's new in apache hive
What's new in apache hive
 

Similaire à The Shared Elephant - Hadoop as a Shared Service for Multiple Departments – Impetus White Paper

Big_SQL_3.0_Whitepaper
Big_SQL_3.0_WhitepaperBig_SQL_3.0_Whitepaper
Big_SQL_3.0_Whitepaper
Scott Gray
 

Similaire à The Shared Elephant - Hadoop as a Shared Service for Multiple Departments – Impetus White Paper (20)

Data Lake - Multitenancy Best Practices
Data Lake - Multitenancy Best PracticesData Lake - Multitenancy Best Practices
Data Lake - Multitenancy Best Practices
 
Big Data Analytics With Hadoop
Big Data Analytics With HadoopBig Data Analytics With Hadoop
Big Data Analytics With Hadoop
 
IRJET- A Study of Comparatively Analysis for HDFS and Google File System ...
IRJET-  	  A Study of Comparatively Analysis for HDFS and Google File System ...IRJET-  	  A Study of Comparatively Analysis for HDFS and Google File System ...
IRJET- A Study of Comparatively Analysis for HDFS and Google File System ...
 
Hadoop project design and a usecase
Hadoop project design and  a usecaseHadoop project design and  a usecase
Hadoop project design and a usecase
 
Big Data Analysis and Its Scheduling Policy – Hadoop
Big Data Analysis and Its Scheduling Policy – HadoopBig Data Analysis and Its Scheduling Policy – Hadoop
Big Data Analysis and Its Scheduling Policy – Hadoop
 
G017143640
G017143640G017143640
G017143640
 
Managing Big data with Hadoop
Managing Big data with HadoopManaging Big data with Hadoop
Managing Big data with Hadoop
 
Hadoop in a Nutshell
Hadoop in a NutshellHadoop in a Nutshell
Hadoop in a Nutshell
 
Infrastructure Considerations for Analytical Workloads
Infrastructure Considerations for Analytical WorkloadsInfrastructure Considerations for Analytical Workloads
Infrastructure Considerations for Analytical Workloads
 
HAWQ: a massively parallel processing SQL engine in hadoop
HAWQ: a massively parallel processing SQL engine in hadoopHAWQ: a massively parallel processing SQL engine in hadoop
HAWQ: a massively parallel processing SQL engine in hadoop
 
Google Data Engineering.pdf
Google Data Engineering.pdfGoogle Data Engineering.pdf
Google Data Engineering.pdf
 
Data Engineering on GCP
Data Engineering on GCPData Engineering on GCP
Data Engineering on GCP
 
Module-2_HADOOP.pptx
Module-2_HADOOP.pptxModule-2_HADOOP.pptx
Module-2_HADOOP.pptx
 
BIg Data Analytics-Module-2 vtu engineering.pptx
BIg Data Analytics-Module-2 vtu engineering.pptxBIg Data Analytics-Module-2 vtu engineering.pptx
BIg Data Analytics-Module-2 vtu engineering.pptx
 
Choosing an IdM User Store technology
Choosing an IdM User Store technologyChoosing an IdM User Store technology
Choosing an IdM User Store technology
 
Hadoop Security in Big-Data-as-a-Service Deployments - Presented at Hadoop Su...
Hadoop Security in Big-Data-as-a-Service Deployments - Presented at Hadoop Su...Hadoop Security in Big-Data-as-a-Service Deployments - Presented at Hadoop Su...
Hadoop Security in Big-Data-as-a-Service Deployments - Presented at Hadoop Su...
 
Hadoop and SQL: Delivery Analytics Across the Organization
Hadoop and SQL:  Delivery Analytics Across the OrganizationHadoop and SQL:  Delivery Analytics Across the Organization
Hadoop and SQL: Delivery Analytics Across the Organization
 
Hadoop - Architectural road map for Hadoop Ecosystem
Hadoop -  Architectural road map for Hadoop EcosystemHadoop -  Architectural road map for Hadoop Ecosystem
Hadoop - Architectural road map for Hadoop Ecosystem
 
Untangling cluster management with Helix
Untangling cluster management with HelixUntangling cluster management with Helix
Untangling cluster management with Helix
 
Big_SQL_3.0_Whitepaper
Big_SQL_3.0_WhitepaperBig_SQL_3.0_Whitepaper
Big_SQL_3.0_Whitepaper
 

Plus de Impetus Technologies

Webinar maturity of mobile test automation- approaches and future trends
Webinar  maturity of mobile test automation- approaches and future trendsWebinar  maturity of mobile test automation- approaches and future trends
Webinar maturity of mobile test automation- approaches and future trends
Impetus Technologies
 

Plus de Impetus Technologies (20)

Data Warehouse Modernization Webinar Series- Critical Trends, Implementation ...
Data Warehouse Modernization Webinar Series- Critical Trends, Implementation ...Data Warehouse Modernization Webinar Series- Critical Trends, Implementation ...
Data Warehouse Modernization Webinar Series- Critical Trends, Implementation ...
 
Future-Proof Your Streaming Analytics Architecture- StreamAnalytix Webinar
Future-Proof Your Streaming Analytics Architecture- StreamAnalytix WebinarFuture-Proof Your Streaming Analytics Architecture- StreamAnalytix Webinar
Future-Proof Your Streaming Analytics Architecture- StreamAnalytix Webinar
 
Building Real-time Streaming Apps in Minutes- Impetus Webinar
Building Real-time Streaming Apps in Minutes- Impetus WebinarBuilding Real-time Streaming Apps in Minutes- Impetus Webinar
Building Real-time Streaming Apps in Minutes- Impetus Webinar
 
Smart Enterprise Big Data Bus for the Modern Responsive Enterprise- StreamAna...
Smart Enterprise Big Data Bus for the Modern Responsive Enterprise- StreamAna...Smart Enterprise Big Data Bus for the Modern Responsive Enterprise- StreamAna...
Smart Enterprise Big Data Bus for the Modern Responsive Enterprise- StreamAna...
 
Impetus White Paper- Handling Data Corruption in Elasticsearch
Impetus White Paper- Handling  Data Corruption  in ElasticsearchImpetus White Paper- Handling  Data Corruption  in Elasticsearch
Impetus White Paper- Handling Data Corruption in Elasticsearch
 
Real-world Applications of Streaming Analytics- StreamAnalytix Webinar
Real-world Applications of Streaming Analytics- StreamAnalytix WebinarReal-world Applications of Streaming Analytics- StreamAnalytix Webinar
Real-world Applications of Streaming Analytics- StreamAnalytix Webinar
 
Real-world Applications of Streaming Analytics- StreamAnalytix Webinar
Real-world Applications of Streaming Analytics- StreamAnalytix WebinarReal-world Applications of Streaming Analytics- StreamAnalytix Webinar
Real-world Applications of Streaming Analytics- StreamAnalytix Webinar
 
Real-time Streaming Analytics for Enterprises based on Apache Storm - Impetus...
Real-time Streaming Analytics for Enterprises based on Apache Storm - Impetus...Real-time Streaming Analytics for Enterprises based on Apache Storm - Impetus...
Real-time Streaming Analytics for Enterprises based on Apache Storm - Impetus...
 
Accelerating Hadoop Solution Lifecycle and Improving ROI- Impetus On-demand W...
Accelerating Hadoop Solution Lifecycle and Improving ROI- Impetus On-demand W...Accelerating Hadoop Solution Lifecycle and Improving ROI- Impetus On-demand W...
Accelerating Hadoop Solution Lifecycle and Improving ROI- Impetus On-demand W...
 
Deep Learning: Evolution of ML from Statistical to Brain-like Computing- Data...
Deep Learning: Evolution of ML from Statistical to Brain-like Computing- Data...Deep Learning: Evolution of ML from Statistical to Brain-like Computing- Data...
Deep Learning: Evolution of ML from Statistical to Brain-like Computing- Data...
 
SPARK USE CASE- Distributed Reinforcement Learning for Electricity Market Bi...
SPARK USE CASE-  Distributed Reinforcement Learning for Electricity Market Bi...SPARK USE CASE-  Distributed Reinforcement Learning for Electricity Market Bi...
SPARK USE CASE- Distributed Reinforcement Learning for Electricity Market Bi...
 
Enterprise Ready Android and Manageability- Impetus Webcast
Enterprise Ready Android and Manageability- Impetus WebcastEnterprise Ready Android and Manageability- Impetus Webcast
Enterprise Ready Android and Manageability- Impetus Webcast
 
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co...
 
Leveraging NoSQL Database Technology to Implement Real-time Data Architecture...
Leveraging NoSQL Database Technology to Implement Real-time Data Architecture...Leveraging NoSQL Database Technology to Implement Real-time Data Architecture...
Leveraging NoSQL Database Technology to Implement Real-time Data Architecture...
 
Maturity of Mobile Test Automation: Approaches and Future Trends- Impetus Web...
Maturity of Mobile Test Automation: Approaches and Future Trends- Impetus Web...Maturity of Mobile Test Automation: Approaches and Future Trends- Impetus Web...
Maturity of Mobile Test Automation: Approaches and Future Trends- Impetus Web...
 
Big Data Analytics with Storm, Spark and GraphLab
Big Data Analytics with Storm, Spark and GraphLabBig Data Analytics with Storm, Spark and GraphLab
Big Data Analytics with Storm, Spark and GraphLab
 
Webinar maturity of mobile test automation- approaches and future trends
Webinar  maturity of mobile test automation- approaches and future trendsWebinar  maturity of mobile test automation- approaches and future trends
Webinar maturity of mobile test automation- approaches and future trends
 
Next generation analytics with yarn, spark and graph lab
Next generation analytics with yarn, spark and graph labNext generation analytics with yarn, spark and graph lab
Next generation analytics with yarn, spark and graph lab
 
Performance Testing of Big Data Applications - Impetus Webcast
Performance Testing of Big Data Applications - Impetus WebcastPerformance Testing of Big Data Applications - Impetus Webcast
Performance Testing of Big Data Applications - Impetus Webcast
 
Real-time Predictive Analytics in Manufacturing - Impetus Webinar
Real-time Predictive Analytics in Manufacturing - Impetus WebinarReal-time Predictive Analytics in Manufacturing - Impetus Webinar
Real-time Predictive Analytics in Manufacturing - Impetus Webinar
 

Dernier

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Dernier (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

The Shared Elephant - Hadoop as a Shared Service for Multiple Departments – Impetus White Paper

  • 1. The Shared Elephant A Shared Central Big Data Repository This white paper talks about the design considerations for enterprises to run Hadoop as a shared service for multiple departments. www.impetus.com
  • 2. Introduction Running an Enterprise Big Data repository requires significant investment in Learn about the considerations for Enterprises to use Hadoop as a shared service for multiple applications and business units. Read about Identity, Security, Resource Sharing, Monitoring and Operations on the Central Service. resources. A dedicated cluster for each department is cost-prohibitive, leading to the creation of Big Data silos and underutilization of cluster resources. Enterprises that run Hadoop at scale should allow Hadoop clusters to be shared by different business units. They must also support multiple use cases as well as a checkin/checkout model for an analytic block of works. We cover some design considerations for identity management, security, resource sharing and monitoring that are essential to build a secure, robust, highly available and shared central Big Data repository. Identity Security is of paramount concern in a shared, multi-tenant environment. Early versions of Hadoop had rudimentary security features, essentially relying on a fair use policy in a trusted environment. Recent versions of Hadoop have added significant identity management features. Let us explore a couple of these in detail. Kerberos Kerberos provides authentication and authorization services. The Kerberos mechanism provides stronger authentication in a more secure fashion than what was available in earlier versions of Hadoop. All clients have to authenticate with a central Kerberos service. Kerberos provides role-based access control and privilege enforcement. Kerberos enforces authentication of data node daemons with the parent services (name node and job tracker). Authentication prevents rogue data nodes from connecting to the parent services and compromising the data stored in the cluster. (Refer to the figure below that demonstrates how Hadoop Kerberos Key Distribution Center Kerberos Authentication works.) 
Authentication Service Request Session Ticket Session Ticket & Session Key Data Node Name Node Task Tracker HDFS Layer HDFS Data Tenant 1 Job Tracker Task Tracker M/R Layer Tenant 2 Data Node Parent Services Task Tracker HDFS Data Tenant 3 Hadoop Cluster 2 Data Node Hadoop Kerberos Authentication HDFS Data
Lightweight Directory Access Protocol (LDAP) Integration
LDAP can be used to create user accounts in all of the data nodes. This provides fine-grained access control policies and prevents privilege escalation attacks.

Security
Hadoop has several security features as listed below:
• Running data node daemons on privileged ports.
• Running tasks as the job owner instead of the task tracker daemon user. This prevents other users from changing the job and from viewing the local task data.
• Preventing users other than the job owner from looking at map outputs.
• Restricting a task to communicate only with its parent task tracker, to prevent rogue users from inspecting map input data.

Data Security
Hadoop does not natively integrate with data-at-rest encryption solutions. However, the Intel distribution of Hadoop provides fast encryption using Intel hardware enhancements. Hadoop 2.0 provides SSL transport between Hadoop daemons and during the shuffle phase.

Sharing Resources
Allocating shared resources to different users and groups in a fair and efficient manner poses some unique challenges in Hadoop. Hadoop does not provide policies and SLAs that are typical of shared systems. Hadoop presents the storage layer (HDFS) as a single shared resource but the computational layer (MapReduce) requires some fine-tuning for optimal results. Nevertheless, here are some recommendations on running a user-friendly shared Hadoop cluster.

Resource Usage Limits
• HDFS Quotas: HDFS provides name quotas and file quotas. Both are very useful to enforce sensible limits on HDFS usage. Designing a sensible shared directory structure is important, since quotas are set at either file or directory level. It is a good practice to have a common directory that is shared across groups and separate quota-limited directories for each group in a shared cluster.
• Task Slots: Task slots are configured on a per node basis. They take into account the total capacity of the cluster. Individual jobs are then monitored to determine the number of mappers. A multiple of the number of map slots is the recommended practice.
Scheduling
Hadoop provides different schedulers as plug-ins. That said, not all schedulers are created equal. The FIFO scheduler should not be used as it can lead to significant resource underutilization and job starving. The fair scheduler is a good option for a dedicated cluster but may lead to resource contention in a shared environment. The capacity scheduler is the optimal choice for a shared cluster. The capacity scheduler provides multi-tenancy controls that prevent a user or a group of users from overwhelming the cluster. It also provides capacity guarantees through soft limits and enforceable hard limits. The capacity scheduler additionally improves security by providing ACLs for job queues.

Monitoring
Hadoop provides good monitoring options. We recommend using Ganglia or similar monitoring for production clusters. JMX monitoring should also be enabled. Recent versions of Hadoop ship with the more flexible metrics2 framework for metrics collection. Using metrics2 in the Ganglia context provides valuable insight into cluster usage. Oozie workflows also enable SLA tracking, which is important for a shared cluster.

Operations
We have discussed several operational considerations such as security, optimal resource sharing and monitoring. In addition to these, the operations team needs to build a proactive ‘service’ approach that addresses the full range of service components present in a Hadoop environment. Each of these components is a potential point of failure. Operations needs to shift from passive monitoring to actively meeting SLAs in a new distributed environment. This shift in focus necessitates a new organizational culture in addition to operational excellence.

Operational Excellence
Operational excellence for a shared cluster is not just about cluster health and uptime. Service metrics such as job completion rate, resource sharing and meeting SLAs are also significant. It is important to operationalize the aspects of identity, security, resource sharing and monitoring discussed above. To accomplish these, Hadoop operations need to perform regular audits and fire drills and ensure well-documented processes and procedures. A runbook-based troubleshooting guide and well-formulated support levels (Level 1, Level 2, and Level 3) with an easy escalation procedure are also required. If SLAs mandate limited service interruption, then the runbooks should have maximum resolution times and mandatory escalation based on severity and time-sensitive resolution. Operational excellence is a function of all of the above.
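The capacity guarantees, hard limits and queue ACLs described under Scheduling can be checked as part of the regular audits mentioned above. The following is an added example, not part of the original white paper: a small audit of a capacity-scheduler.xml using the Hadoop 2 (YARN) CapacityScheduler property names, with a constructed sample file and hypothetical tenant queues, users and groups. It assumes `capacity` is the guarantee (soft limit) and `maximum-capacity` is the hard limit.

```python
import xml.etree.ElementTree as ET

P = "yarn.scheduler.capacity.root"  # YARN CapacityScheduler property prefix

# Constructed capacity-scheduler.xml; tenant queues, users and groups are hypothetical.
SAMPLE = """<configuration>
<property><name>yarn.scheduler.capacity.root.queues</name><value>tenant1,tenant2,tenant3</value></property>
<property><name>yarn.scheduler.capacity.root.tenant1.capacity</name><value>50</value></property>
<property><name>yarn.scheduler.capacity.root.tenant1.maximum-capacity</name><value>60</value></property>
<property><name>yarn.scheduler.capacity.root.tenant1.acl_submit_applications</name><value>alice analysts</value></property>
<property><name>yarn.scheduler.capacity.root.tenant2.capacity</name><value>30</value></property>
<property><name>yarn.scheduler.capacity.root.tenant2.acl_submit_applications</name><value>*</value></property>
<property><name>yarn.scheduler.capacity.root.tenant3.capacity</name><value>30</value></property>
<property><name>yarn.scheduler.capacity.root.tenant3.maximum-capacity</name><value>20</value></property>
<property><name>yarn.scheduler.capacity.root.tenant3.acl_submit_applications</name><value> etl</value></property>
</configuration>"""

def load(xml_text):
    """Return {name: value} for every <property> in a Hadoop configuration file."""
    props = ET.fromstring(xml_text).iter("property")
    return {p.findtext("name"): p.findtext("value") or "" for p in props}

def audit(conf):
    """Return a list of multi-tenancy findings for the queues under root."""
    findings = []
    queues = [q.strip() for q in conf.get(P + ".queues", "").split(",") if q.strip()]
    total = sum(float(conf.get(f"{P}.{q}.capacity", 0)) for q in queues)
    if abs(total - 100.0) > 1e-6:
        findings.append(f"capacities sum to {total:g}, expected 100")
    # Submit ACLs are inherited from parent queues, and an unset root ACL
    # defaults to "*" (everyone), which makes every tenant ACL ineffective.
    if conf.get(P + ".acl_submit_applications", "*").strip() == "*":
        findings.append("root: submit ACL is '*', tenant ACLs restrict nobody")
    for q in queues:
        cap = float(conf.get(f"{P}.{q}.capacity", 0))
        max_cap = float(conf.get(f"{P}.{q}.maximum-capacity", -1))
        if max_cap < 0:  # unset or -1: queue may grow to the whole cluster
            findings.append(f"{q}: no hard limit (maximum-capacity unset)")
        elif max_cap < cap:
            findings.append(f"{q}: maximum-capacity {max_cap:g} is below capacity {cap:g}")
        if conf.get(f"{P}.{q}.acl_submit_applications", "").strip() == "*":
            findings.append(f"{q}: submit ACL is '*', any user may submit")
    return findings

if __name__ == "__main__":
    for finding in audit(load(SAMPLE)):
        print(finding)
```

Queue ACLs are only enforced when `yarn.acl.enable` is set to true in yarn-site.xml, which this check does not read.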
Summary
Design considerations for multi-tenant, multi-use Hadoop clusters are:
• Design for security as part of the initial cluster planning.
• Implement user-friendly resource sharing while meeting SLAs.
• Use the Capacity Scheduler.
• Monitor service metrics in addition to cluster metrics.
• Institutionalize operational excellence through streamlined procedures and by cultivating a service mindset.

As Hadoop becomes more mainstream and indispensable to enterprises, it is imperative that they build, operate and scale shared Hadoop clusters. The design considerations discussed in this paper will help enterprises accomplish the essential mission of running multi-tenant, multi-use Hadoop clusters at scale.

About Impetus
Impetus Technologies is a leading provider of Big Data solutions for the Fortune 500®. We help customers effectively manage the “3-Vs” of Big Data and create new business insights across their enterprises.

Visit http://bigdata.impetus.com or write to us at bigdata@impetus.com

© 2013 Impetus Technologies, Inc. All rights reserved. Product and company names mentioned herein may be trademarks of their respective companies. Oct 2013 #52991