Apache Kafka Security
DataWorks Summit/Hadoop Summit
1.
Apache Kafka Security: SSL, Kerberos & Authorization
Manikumar Reddy, Hortonworks (@omkreddy)
© Hortonworks Inc. 2014
2.
Kafka Security Authors
• Sriharsha Chintalapani: Apache Kafka Committer; Apache Storm Committer & PMC
• Parth Brahmbhatt: Apache Kafka Contributor; Apache Storm Committer & PMC
3.
Why Kafka Security?
• Kafka is becoming a centralized data bus connecting external data sources to the Hadoop ecosystem.
• There are a lot of requests and discussions on the Kafka mailing lists to add security.
4.
Kafka Security - Overview
• Wire encryption and authentication via SSL
• Role-based authentication via SASL (Kerberos, Plaintext)
• Authorizer to add fine-grained access controls to Kafka topics per user, per host
5.
Authentication
• Brokers support listening for connections on multiple ports:
  – Plain text (no wire encryption, no authentication)
  – SSL (wire encryption and authentication)
  – SASL (Kerberos or plain-text authentication)
  – SSL + SASL (SSL for wire encryption, SASL for authentication)
• Ex: listeners=PLAINTEXT://host.name:port,SSL://host.name:port
6.
Kafka Security – SSL
• Kafka SSL / SASL requirements
  – No user-level API changes to clients
  – Retain length-encoded Kafka protocols
  – Client must authenticate before sending or receiving requests
• Kafka Channel
  – Instead of using a socket channel directly, we added KafkaChannel, which consists of a TransportLayer and an Authenticator.
7.
Kafka Networking
[Diagram labels: KafkaChannel, TransportLayer, Authenticator, Kafka Server, handshake, authenticate]
8.
Kafka Security – SSL
9.
Kafka Security – SSL
• Principal Builder
  – By default, the SSL user name will be of the form "CN=hostname,OU=organizationunit,O=organization,L=location,ST=state,C=country".
  – The X509Certificate has a lot more information about a client's identity.
  – PrincipalBuilder provides an interface to plug in a custom PrincipalBuilder that has access to the X509Certificate and can construct a user identity out of it.
10.
Kafka Security – SSL
• Broker Configs:
  – listeners=SSL://host.name:port
  – ssl.keystore.location=/var/private/ssl/kafka.server.keystore.jks
  – ssl.keystore.password=test1234
  – ssl.key.password=test1234
  – ssl.truststore.location=/var/private/ssl/kafka.server.truststore.jks
  – ssl.truststore.password=test1234
  – security.inter.broker.protocol=SSL
  – ssl.client.auth=required
11.
Kafka Security – SSL
• Client Configs:
  – security.protocol=SSL
  – ssl.truststore.location=/var/private/ssl/kafka.client.truststore.jks
  – ssl.truststore.password=test1234
  – ssl.keystore.location=/var/private/ssl/kafka.client.keystore.jks
  – ssl.keystore.password=test1234
  – ssl.key.password=test1234
12.
Kafka Security – SASL
• Simple Authentication and Security Layer, or SASL
  – Provides flexibility in using mechanisms
  – Challenge/response protocols
  – Mechanisms: GSSAPI/Kerberos, clear-text username/password, DIGEST-MD5
• JAAS Login
  – Before client and server can handshake, they need to authenticate with Kerberos or another identity provider.
  – JAAS provides a pluggable way of providing user credentials. One can easily add LDAP or another mechanism just by changing a config file.
• Kafka supports GSSAPI/Kerberos and clear-text username/password
13.
Kafka Security – SASL
[Sequence diagram between Client and Broker. Labels, in order: Connection; Mechanism list; Selected mechanism & SASL data; Evaluate and response; SASL data; Client authenticated]
14.
Kafka Security – SASL
• Prepare the JAAS config file:

    KafkaServer {
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        serviceName="kafka"
        keyTab="/vagrant/keytabs/kafka1.keytab"
        principal="kafka/host@EXAMPLE.COM";
    };

    KafkaClient {
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        serviceName="kafka"
        keyTab="/vagrant/keytabs/client1.keytab"
        principal="client/host@EXAMPLE.COM";
    };

• Pass the JAAS config file as a JVM parameter: -Djava.security.auth.login.config
• security.inter.broker.protocol=SASL_PLAINTEXT
• security.protocol=SASL_PLAINTEXT
15.
Kafka Security – SASL
• Kerberos principal name
  – {username}/{hostname}@{REALM}
  – Ex: kafka/kafka.host1.com@{TEST.COM}
  – The {username} part is taken as the default principal
  – sasl.kerberos.principal.to.local.rules: customize the principal name
16.
Kafka Security – Resources
• SSL: http://kafka.apache.org/documentation.html#security_ssl
• SASL: http://kafka.apache.org/documentation.html#security_sasl
• Vagrant setup
  – SASL: https://github.com/harshach/kafka-vagrant/tree/master/
  – SSL: https://github.com/harshach/kafka-vagrant/tree/ssl/
17.
Authorizer
• Controls who can do what
• Pluggable
• ACL-based approach
18.
Acl
• Alice is allowed to Read from Orders-topic from Host-1

    Principal   Permission   Operation   Resource   Host
    Alice       Allow        Read        Orders     Host-1
19.
Principal
• PrincipalType:Name
• Supported types: User
• Extensible, so users can add their own types
• Wildcard: User:*
20.
Operations and Resources
• Operation
  – Read, Write, Create, Delete, Describe, ClusterAction, All
• Resource
  – ResourceType:ResourceName
  – Topic, Cluster and ConsumerGroup
  – Wildcard resource: ResourceType:*
• Topic -> Read, Write, Describe
• ConsumerGroup -> Read
• Cluster -> Create, ClusterAction
21.
Permissions
• Allow and Deny
• Anyone without an explicit Allow ACL is denied
• Deny works as negation
• Deny takes precedence over Allow ACLs
22.
Hosts
• Allows the authorizer to provide firewall-type security even in a non-secure environment.
• * as wildcard.
23.
Configuration
• Authorizer class
• Super users
• Authorizer properties
• Default behavior for resources with no ACLs
  – allow.everyone.if.no.acl.found = false
24.
SimpleAclAuthorizer
• Out-of-the-box authorizer implementation.
• Stores all of its ACLs in ZooKeeper.
• Built-in ACL cache to avoid a performance penalty.
• Provides an authorizer audit log.
25.
[Sequence diagram between Client, Broker, Authorizer and Zookeeper. Labels, in order: configure; Read ACLs; Load Cache; Request; authorize; ACL match or Super User?; Allowed/Denied]
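The decision rules from the Acl, Principal, Permissions, Hosts and Configuration slides, written out as a small evaluator. This is an added example, not code from the deck or from Kafka's SimpleAclAuthorizer; the class `AclAuthorizer`, the reason strings, and every ACL except the Alice/Orders row are constructed for illustration.

```python
from dataclasses import dataclass

WILDCARD = "*"


@dataclass(frozen=True)
class Acl:
    principal: str   # "PrincipalType:Name", e.g. "User:Alice" or "User:*"
    permission: str  # "Allow" or "Deny"
    operation: str   # Read, Write, Create, Delete, Describe, ClusterAction, All
    host: str        # client host, or "*" for any host


class AclAuthorizer:
    """Toy authorizer (hypothetical class, not Kafka's SimpleAclAuthorizer)."""

    def __init__(self, super_users=(), allow_everyone_if_no_acl_found=False):
        self.super_users = set(super_users)
        self.allow_if_no_acl = allow_everyone_if_no_acl_found
        self.acls = {}  # "ResourceType:ResourceName" -> set of Acl

    def add(self, resource, acl):
        self.acls.setdefault(resource, set()).add(acl)

    def _acls_for(self, resource):
        # ACLs on the resource itself plus ACLs on the wildcard ResourceType:*
        rtype = resource.split(":", 1)[0]
        wildcard = f"{rtype}:{WILDCARD}"
        return self.acls.get(resource, set()) | self.acls.get(wildcard, set())

    @staticmethod
    def _matches(acl, permission, principal, operation, host):
        ptype = principal.split(":", 1)[0]
        return (acl.permission == permission
                and acl.principal in (principal, f"{ptype}:{WILDCARD}")
                and acl.operation in (operation, "All")
                and acl.host in (host, WILDCARD))

    def authorize(self, principal, operation, resource, host):
        """Return (allowed, reason) for one request."""
        # Super users bypass ACL evaluation entirely.
        if principal in self.super_users:
            return True, "super user"
        acls = self._acls_for(resource)
        # No ACLs at all: the allow.everyone.if.no.acl.found setting decides.
        if not acls:
            return self.allow_if_no_acl, "no ACLs on resource"
        # Deny takes precedence over Allow.
        if any(self._matches(a, "Deny", principal, operation, host) for a in acls):
            return False, "deny ACL matched"
        if any(self._matches(a, "Allow", principal, operation, host) for a in acls):
            return True, "allow ACL matched"
        # Anyone without an explicit Allow ACL is denied.
        return False, "no allow ACL matched"


def build_example():
    """Constructed ACL set; only the Alice/Orders row comes from the slides."""
    authz = AclAuthorizer(super_users={"User:admin"})
    authz.add("Topic:Orders", Acl("User:Alice", "Allow", "Read", "Host-1"))
    authz.add("Topic:Logs", Acl("User:*", "Allow", "Read", "*"))
    authz.add("Topic:Logs", Acl("User:Bob", "Deny", "Read", "*"))
    return authz


if __name__ == "__main__":
    authz = build_example()
    requests = [
        ("User:Alice", "Read", "Topic:Orders", "Host-1"),
        ("User:Alice", "Read", "Topic:Orders", "Host-2"),
        ("User:Bob", "Read", "Topic:Logs", "Host-3"),
        ("User:Bob", "Read", "Topic:Payments", "Host-1"),
        ("User:admin", "Delete", "Topic:Payments", "Host-9"),
    ]
    for req in requests:
        print(req, authz.authorize(*req))
```

The `User:Bob` request on `Topic:Logs` is the case to look at: the wildcard Allow matches him, and the Deny still wins.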
26.
CLI
• Add, remove and list ACLs
• Convenience options:
  – Producer
    bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --producer --topic Test-topic
  – Consumer
    bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Bob --consumer --topic test-topic --group Group-1
27.
Ranger Policy
28.
Ranger Auditing
29.
Securing Zookeeper
• Kafka's metadata store, ACLs
• Create and Delete interact directly with ZooKeeper
• Has its own security mechanism that supports SASL and MD5-DIGEST for establishing identity, and ACL-based authorization
• Set zookeeper.set.acl = true
• ZK paths are writable by brokers and readable by all
30.
Client JAAS

    Client {
        com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        storeKey=true
        serviceName="zookeeper"
        keyTab="/vagrant/keytabs/kafka.keytab"
        principal="kafka/kafka@WITZEND.COM";
    };
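A check that reads a broker `server.properties` and reports where it falls short of what the SSL, SASL, authorizer and ZooKeeper slides describe. This is an added example, not part of the deck or of Kafka; the function names and both sample files are constructed, and it assumes Kafka's defaults for missing keys (PLAINTEXT listener and inter-broker protocol, `ssl.client.auth=none`, no authorizer, `zookeeper.set.acl=false`).

```python
def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def listener_protocols(value):
    """'SSL://host:9093,PLAINTEXT://host:9092' -> ['SSL', 'PLAINTEXT']."""
    return [item.split("://", 1)[0].strip().upper()
            for item in value.split(",") if item.strip()]


UNENCRYPTED = {
    "PLAINTEXT": "no wire encryption and no authentication",
    "SASL_PLAINTEXT": "SASL authentication but no wire encryption",
}


def audit_broker(props):
    """Return a list of (config key, finding) pairs; empty means no findings."""
    findings = []
    protocols = listener_protocols(props.get("listeners", "PLAINTEXT://:9092"))
    for proto in protocols:
        if proto in UNENCRYPTED:
            findings.append(("listeners", f"{proto} listener: {UNENCRYPTED[proto]}"))
    inter = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()
    if inter in UNENCRYPTED:
        findings.append(("security.inter.broker.protocol",
                         f"{inter}: {UNENCRYPTED[inter]}"))
    # On a pure SSL listener the certificate is the only client credential;
    # only "required" makes the broker reject clients that present none.
    if "SSL" in protocols and props.get("ssl.client.auth", "none") != "required":
        findings.append(("ssl.client.auth",
                         "SSL listener does not require a client certificate"))
    if not props.get("authorizer.class.name"):
        findings.append(("authorizer.class.name",
                         "no authorizer configured, ACLs are not enforced"))
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        findings.append(("allow.everyone.if.no.acl.found",
                         "resources without ACLs are open to everyone"))
    if props.get("zookeeper.set.acl", "false").lower() != "true":
        findings.append(("zookeeper.set.acl",
                         "Kafka's ZooKeeper paths are created without ACLs"))
    return findings


# Constructed sample: a broker that was only partly secured.
WEAK = """
listeners=PLAINTEXT://host.name:9092,SSL://host.name:9093
security.inter.broker.protocol=SASL_PLAINTEXT
ssl.client.auth=requested
allow.everyone.if.no.acl.found=true
"""

# Constructed sample: the same broker with the slides' settings applied.
HARDENED = """
listeners=SSL://host.name:9093
security.inter.broker.protocol=SSL
ssl.client.auth=required
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:admin
allow.everyone.if.no.acl.found=false
zookeeper.set.acl=true
"""


def audit_text(text):
    return audit_broker(parse_properties(text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for key, finding in audit_text(text):
            print(f"  {key}: {finding}")
```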
31.
Future
• KIP-4 (Admin API): move everything to the server side, no direct interactions with ZooKeeper
• Group support
• Pluggable auditor
32.
Apache Kafka 0.10.0.0
• New client library, Kafka Streams
• New timestamp field for messages
• Balancing replicas across racks
• Authentication using SASL/PLAIN
• New consumer configuration parameter 'max.poll.records'
33.
Summary
• SSL for wire encryption
• SASL for authentication
• Authorization
• Secure Zookeeper

Thanks to the community for participation.
35.
Kafka Networking
36.
Kafka Networking
http://www.slideshare.net/jjkoshy/troubleshooting-kafkas-socket-server-from-incident-to-resolution
37.
Kafka Networking
38.
Kafka Security – SSL
• SSLTransportLayer
  – Before sending any application data, both client and server need to go through an SSL handshake.
  – SSLTransportLayer uses SSLEngine to establish a non-blocking handshake.
  – SSLEngine provides a state machine to go through the several steps of the SSL handshake.
39.
Kafka Security – SSL
• SSLTransportLayer
  – SocketChannel read
    – Returns encrypted data
    – Decrypts the data and returns the length of the data from Kafka protocols
  – SocketChannel write
    – Writes encrypted data onto the channel
    – A regular SocketChannel returns the length of the data written to the socket.
    – In the case of SSL, since we encrypt the data, we can't return the exact length written to the socket, which will be more than the actual data.
    – It's important to keep track of the length of data written to the network. This signifies whether we have successfully written the data to the network and can move on to the next request.