Discover HDP 2.1: New Features for Security and Apache Knox

A follow up on the recent Apache Knox and security features webinar

Last week Vinay Shukla and Kevin Minder hosted the first of our seven Discover HDP 2.1 webinars. Vinay and Kevin covered three important topics related to new Apache Hadoop security features in HDP 2.1:

  • REST API security with Apache Knox Gateway
  • HDFS security with Access Control Lists (ACLs)
  • SQL security and next-generation Hive authorization

Here is the complete recording of the webinar.

Here are the presentation slides:

Attend our next Discover HDP 2.1 webinar tomorrow, Thursday, May 15 at 10am Pacific Time: Interactive SQL Query in Hadoop with Apache Hive

We’re grateful to the many participants who joined and asked excellent questions. This is the complete list of questions that they asked, with the corresponding answers:

Question Answer
Is Knox Gateway a single point of failure? No. Traditional web load balancers can be used in front of Knox to provide HA and scalability.
My company is a Microsoft shop. Please provide information on how Hadoop can fit into my environment. HDP is supported on Windows:

In Active Directory, can I set ACLs at the organization unit (OU) level? The metadata associated with the HDFS ACLs is stored in the NameNode metadata name space. While the users and groups may come from AD, the actual ACLs are not managed there.
Is Knox limited to a certain set of Web APIs or is it extensible to handle more than Oozie, WebHCat, etc.? It is extensible. Knox has a plug-in framework that supports “drop in” extensions.
Does Hive Authorization apply to Tez? Yes. Hive Authorization does apply when Tez is being used.
Where does Apache Sentry fit in? Apache Sentry is a good authorization solution. Unfortunately, it does not provide a SQL standard-based authorization. With Sentry, the authorization policy is not stored in the same place where the table is, so if you drop a table, you’ll have to keep the policy in sync.
I see there are encryption features coming in Phase 3. When will Phase 3 be complete? Phase 3 will be delivered over the next few releases of HDP. Exact dates are still TBD. Watch our Security for Enterprise Hadoop labs page for updates on the roadmap.

Visit our Security for Enterprise Hadoop labs page to learn more.

Categorized by :
Business Value of Hadoop HDP 2.1 Knox Gateway Security

Leave a Reply

Your email address will not be published. Required fields are marked *

If you have specific technical questions, please post them in the Forums

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Hortonworks Data Platform
The Hortonworks Data Platform is a 100% open source distribution of Apache Hadoop that is truly enterprise grade having been built, tested and hardened with enterprise rigor.
Get started with Sandbox
Hortonworks Sandbox is a self-contained virtual machine with Apache Hadoop pre-configured alongside a set of hands-on, step-by-step Hadoop tutorials.
Modern Data Architecture
Tackle the challenges of big data. Hadoop integrates with existing EDW, RDBMS and MPP systems to deliver lower cost, higher capacity infrastructure.