Get fresh updates from Hortonworks by email

Once a month, receive latest insights, trends, analytics information and knowledge of Big Data.


Sign up for the Developers Newsletter

Once a month, receive latest insights, trends, analytics information and knowledge of Big Data.


Get Started


Ready to Get Started?

Download sandbox

How can we help you?

* I understand I can unsubscribe at any time. I also acknowledge the additional information found in Hortonworks Privacy Policy.
closeClose button
May 13, 2014
prev slideNext slide

Discover HDP 2.1: New Features for Security and Apache Knox

Last week Vinay Shukla and Kevin Minder hosted the first of our seven Discover HDP 2.1 webinars. Vinay and Kevin covered three important topics related to new Apache Hadoop security features in HDP 2.1:

  • REST API security with Apache Knox Gateway
  • HDFS security with Access Control Lists (ACLs)
  • SQL security and next-generation Hive authorization

Here is the complete recording of the webinar.

Here are the presentation slides:

Attend our next Discover HDP 2.1 webinar tomorrow, Thursday, May 15 at 10am Pacific Time: Interactive SQL Query in Hadoop with Apache Hive

We’re grateful to the many participants who joined and asked excellent questions. This is the complete list of questions that they asked, with the corresponding answers:

Question Answer
Is Knox Gateway a single point of failure? No. Traditional web load balancers can be used in front of Knox to provide HA and scalability.
My company is a Microsoft shop. Please provide information on how Hadoop can fit into my environment. HDP is supported on Windows:

In Active Directory, can I set ACLs at the organization unit (OU) level? The metadata associated with the HDFS ACLs is stored in the NameNode metadata name space. While the users and groups may come from AD, the actual ACLs are not managed there.
Is Knox limited to a certain set of Web APIs or is it extensible to handle more than Oozie, WebHCat, etc.? It is extensible. Knox has a plug-in framework that supports “drop in” extensions.
Does Hive Authorization apply to Tez? Yes. Hive Authorization does apply when Tez is being used.
Where does Apache Sentry fit in? Apache Sentry is a good authorization solution. Unfortunately, it does not provide a SQL standard-based authorization. With Sentry, the authorization policy is not stored in the same place where the table is, so if you drop a table, you’ll have to keep the policy in sync.
I see there are encryption features coming in Phase 3. When will Phase 3 be complete? Phase 3 will be delivered over the next few releases of HDP. Exact dates are still TBD. Watch our Security for Enterprise Hadoop labs page for updates on the roadmap.

Visit our Security for Enterprise Hadoop labs page to learn more.


Leave a Reply

Your email address will not be published. Required fields are marked *

If you have specific technical questions, please post them in the Forums