Discover HDP 2.1: New Features for Security and Apache Knox

A follow up on the recent Apache Knox and security features webinar

Last week Vinay Shukla and Kevin Minder hosted the first of our seven Discover HDP 2.1 webinars. Vinay and Kevin covered three important topics related to new Apache Hadoop security features in HDP 2.1:

  • REST API security with Apache Knox Gateway
  • HDFS security with Access Control Lists (ACLs)
  • SQL security and next-generation Hive authorization

Here is the complete recording of the webinar.

Here are the presentation slides: http://www.slideshare.net/hortonworks/discoverhdp21security

Attend our next Discover HDP 2.1 webinar tomorrow, Thursday, May 15 at 10am Pacific Time: Interactive SQL Query in Hadoop with Apache Hive

We’re grateful to the many participants who joined and asked excellent questions. This is the complete list of questions that they asked, with the corresponding answers:

Question Answer
Is Knox Gateway a single point of failure? No. Traditional web load balancers can be used in front of Knox to provide HA and scalability.
My company is a Microsoft shop. Please provide information on how Hadoop can fit into my environment. HDP is supported on Windows:

In Active Directory, can I set ACLs at the organization unit (OU) level? The metadata associated with the HDFS ACLs is stored in the NameNode metadata name space. While the users and groups may come from AD, the actual ACLs are not managed there.
Is Knox limited to a certain set of Web APIs or is it extensible to handle more than Oozie, WebHCat, etc.? It is extensible. Knox has a plug-in framework that supports “drop in” extensions.
Does Hive Authorization apply to Tez? Yes. Hive Authorization does apply when Tez is being used.
Where does Apache Sentry fit in? Apache Sentry is a good authorization solution. Unfortunately, it does not provide a SQL standard-based authorization. With Sentry, the authorization policy is not stored in the same place where the table is, so if you drop a table, you’ll have to keep the policy in sync.
I see there are encryption features coming in Phase 3. When will Phase 3 be complete? Phase 3 will be delivered over the next few releases of HDP. Exact dates are still TBD. Watch our Security for Enterprise Hadoop labs page for updates on the roadmap.

Visit our Security for Enterprise Hadoop labs page to learn more.

Categorized by :
Administrator Architect & CIO Architecture Hadoop in the Enterprise HDP 2.1 Knox Gateway Security

Leave a Reply

Your email address will not be published. Required fields are marked *

If you have specific technical questions, please post them in the Forums

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Modern Data Architecture
Tackle the challenges of big data. Hadoop integrates with existing EDW, RDBMS and MPP systems to deliver lower cost, higher capacity infrastructure.
Integrate with existing systems
Hortonworks maintains and works with an extensive partner ecosystem from broad enterprise platform vendors to specialized solutions and systems integrators.
HDP 2.1 Webinar Series
Join us for a series of talks on some of the new enterprise functionality available in HDP 2.1 including data governance, security, operations and data access :