Presented at HadoopDay, Seattle, 2010.

1. Up-Armoring the Elephant Secure Hadoop is Here Jakob Homan jhoman@yahoo-inc.com

2. Who I am 8/14/10 2

3. Using Hadoop at Yahoo! 8/14/10 3

4. As of 2009, 72% percent of patches going into the Hadoop source code were coming from Yahoo! Developing Hadoop at Yahoo! 8/14/10 4

5. Yahoo! provides extensive QE and QA resources to test Hadoop releases at scale. Developing Hadoop at Yahoo! 8/14/10 5

6. Developing Hadoop at Yahoo! 8/14/10 6 The Yahoo! distribution of Hadoop, available on Github, is the same code we run internally on our servers. Patches important to stability and performance and stability are applied here, as well as Apache.

7. Developing Hadoop at Yahoo! 8/14/10 7 The rest of the family

8. Hadoop at Yahoo! Sunnyvale 8/14/10 8

9. Why do we need a secure Hadoop? 8/14/10 9

10. Current state of security in Hadoop 8/14/10 10

11. Current state of security in Hadoop 8/14/10 11 Bowser copyright Nintendo

12. The elephant is too trusting 8/14/10 12

13. Which can let bad people do bad things 8/14/10 13

14. Why is securing Hadoop hard? 8/14/10 14

15. Enter Kerberos! 8/14/10 15

16. Kerberos workflow 8/14/10 16

17. RPC upgraded to use SASL/GSSAPI 8/14/10 17

18. What does a secure Hadoop look like? 8/14/10 18

19. Like this 8/14/10 19

20. Everyone now authenticated 8/14/10 20

21. Additional security throughout system 8/14/10 21

22. How do I write a secure MapReduce job? 8/14/10 22

23. This is how 8/14/10 23 Nochanges!

24. Significant user-facing changes 8/14/10 24

25. Secure web access is pluggable 8/14/10 25

26. DistCP works… in 3 out of 4 cases 8/14/10 26

27. Out of scope 8/14/10 27

28. Impact on performance 8/14/10 28

29. Take security for a test drive 8/14/10 29

30. Or build a secure cluster at home 8/14/10 30

31. Other projects and security 8/14/10 31

32. Current state 8/14/10 32

33. Current state 8/14/10 33

34. Security list 8/14/10 34

35. Questions? 8/14/10 35