SlideShare a Scribd company logo

Securing Hadoop @eBay

DataWorks Summit
DataWorks Summit

eBay has large, multi-purpose Hadoop clusters with many petabytes of data. eBay Inc?s many subsidiaries and applications give rise to fascinating, complex scenarios for authentication, audit, access control, data protection, data safety, and privacy. To fulfill these complex requirements, security is enabled on Hadoop clusters at eBay. We have been experimenting with and implementing in our production systems several techniques to 1) Set up and operate large clusters (thousands of nodes) efficiently and effectively for a thousand users, and 2)Enable security transparently without impacting user jobs or over-burdening users with inconvenient restrictions Based on our experiments, we have assembled some effective ?best? practices for deploying, operating and using secure Hadoop?clusters. In this presentation, we explain these methods and rules-of-thumb that efficiently and effectively: 1)Set up reliable, scalable Infrastructure to enable strong security for large clusters 2)Set up a very large secure Hadoop cluster in a scalable, zero-touch automated way 3)Update software and configuration on the cluster efficiently while minimizing ?drift? among machines 4)Keep Hadoop services up and running with minimum human intervention 5)Manage user Access to Hadoop clusters? 6)Control access to data and other resources 7)Process highly confidential data using map-reduce programs

SportsTechnology
1 of 22
Secure Hadoop @ eBay Benoy Antony & Jos Backus
Overview Cluster facts Enabling Security Process Supervision
Cluster Facts •Shared clusters & dedicated clusters •10s of PB and 10’s of thousands of slots per cluster •Runs HDP 1.2 •Used Primarily for analysis of user behavior and inventory •Mix of production jobs and ad-hoc jobs •Mix of MR, Hive, Pig, Cascading, Streaming etc. Secure Hadoop @ eBay 3
Why is Security needed at eBay ? •To control access to sensitive data – ACLS are ineffective without strong authentication •To execute tasks as the Job submitter •Build new features – Encryption Secure Hadoop @ eBay 4
Hadoop Security Overview •Authentication using Kerberos •Authorization via ACLs. •Group and user information using LDAP •Pluggable authentication for webui Secure Hadoop @ eBay 5
Security Infrastructure @ eBay •Cluster machines including Gateway are inside the firewall •Uses Active Directory for Kerberos and LDAP •Separate Domain for users and Hadoop Servers CORP AD Gate way JT NN HBM DN TT RS DN TT RS Hadoop AD Secure Hadoop @ eBay 6
Advantages of Separate user and Server Domains •Separates User and Server Authentication •Prevents additional Kerberos and LDAP traffic to Corp Servers •Hadoop team can manage Hadoop Server Accounts CORP AD Hadoop AD Secure Hadoop @ eBay 7 Hadoop Cluster Nodes Server accounts User accounts
Syncing Hadoop User Information •All nodes require User and Group Information – Permissions checks – Running tasks •Hadoop AD should contain user and group information •Periodic synchronization of user information from CORP AD to Hadoop AD – LDAP Synchronization Connector – User’s password is not synced. CORP AD Gate way JT NN DN TT DN TT Hadoop AD Secure Hadoop @ eBay 8 LSC Hadoop groups Hadoop users Batch accounts
No Cross Domain Trust ! •Modified Hadoop Authentication Layer – Hadoop Masters have two principals and corresponding keytabs •hdfs/namenode@hadoop.ebay.com •hdfs/namenode@corp.ebay.com – Loads server principal and key based on the client – Require changes in Hadoop, Hbase and Zookeeper servers. NN Hadoop AD DN TT hdfs/nn@hadoop hdfs/nn@corp Secure Hadoop @ eBay 9 CORP AD Obtain service ticket for hdfs/nn Obtain service ticket for hdfs/nn
User Authentication - Obtaining tickets •Ad-hoc jobs/queries are run using personal accounts – PAM module fetches tickets at login – kinit when tickets expire. •Production jobs are run using batch accounts. – Uses keytabs to obtain tickets – Automatic ticket renewal using K5start – Enabled transparent security rollout Secure Hadoop @ eBay 10
Encrypting Sensitive Data •Use case – Copies encrypted data to the cluster. – Key identifiers passed during job submission. – Job Client fetches Keys from Key Store using user’s credentials – Key Values protected using Cluster’s public key •Work in progress Key Store Job Client Read secrets JJob, S Secure Hadoop @ eBay 11 Hadoop Cluster
Direct Access to the cluster •Current Cluster Access is through the Gateway machine •Direct Access to cluster from Desktops – The communication should be encrypted – Communication inside the firewall need not be encrypted •Advantages – Increases user productivity – Reduce utilization of Gateway Gate wayssh Secure Hadoop @ eBay 12 Hadoop Cluster Auth Auth+Privacy
Summary •Infrastructure using Active Directory and separate domains •Authentication across domains without domain trust •Rollout with minimal disruption •Additional security features Secure Hadoop @ eBay 13
Process Supervision •Why? •What? •Process tree •Configuring a service •Sample run scripts •Service state commands •The env directory Secure Hadoop @ eBay 14
Why? •Daemons die from time to time – We don’t know about it – Would be nice if we could do something about it in a smart way •There are different ways to control daemons – Not portable – Changes with platform – Some init scripts are not well-written – Some ways require sudo – Caller’s environment can affect how daemon runs – Some ways don’t handle automatic restarts  Enter process supervision! Secure Hadoop @ eBay 15
What? •daemontools-encore: a uniform mechanism to control daemons – Simple command set: svc, svstat, svup, svok – Supports process state change callback (notify script) •Alert when a daemon crashes •Smart restarts (don’t restart if trashing) – Can be used for one-shot jobs (svc –o) – Portable, runs on many UNIX versions – Robust and reliable code (small is beautiful) – Includes configurable log management •multilog manages stdout, stderr output •Never fill up your disks •Multiple log queues possible (e.g. everything, errors only) Secure Hadoop @ eBay 16
Process Tree PPID PID STAT UID TIME COMMAND 1 2170 Ss 0 0:00 /bin/sh /usr/bin/svscanboot 2170 2183 S 0 1:35 _ svscan /service 2183 2185 S 0 0:00 | _ supervise gmon 2185 6494 Ss 101 0:02 | | _ /usr/sbin/gmond --foreground 2183 2186 S 0 0:00 | _ supervise log 2186 2198 Ss 101 0:00 | | _ multilog t ./main 2183 2187 S 0 0:00 | _ supervise puppet 2187 11917 Ssl 0 0:30 | | _ /apache/ruby-1.9.3/bin/ruby /apache/ruby-1.9.3/bin/puppet agent --no-daemonize --debug 2183 2188 S 0 0:00 | _ supervise log 2188 2199 Ss 52 0:54 | | _ multilog t ./main 2183 2189 S 0 0:00 | _ supervise hbase-regionserver 2189 3221 Ssl 680 7823:56 | | _ /usr/java/latest/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1000m -ea -XX:+HeapDumpOnOutOfMemoryError 2183 2190 S 0 0:00 | _ supervise log 2190 2196 Ss 680 0:00 | | _ multilog s10485760 n500 ./main 2183 2191 S 0 0:00 | _ supervise datanode 2191 31690 Ss 0 0:00 | | _ jsvc.exec -Dproc_datanode -outfile /apache/hadoop-1.1.2.22/libexec/../logs/jsvc.out 31690 31795 Sl 680 2457:22 | | _ jsvc.exec -Dproc_datanode -outfile /apache/hadoop-1.1.2.22/libexec/../logs/jsvc.out 2183 2192 S 0 0:00 | _ supervise log 2192 2204 Ss 680 0:00 | | _ multilog s10485760 n500 ./main 2183 2193 S 0 3:39 | _ supervise tasktracker 2193 28229 Ssl 680 1587:34 | | _ /usr/java/latest/bin/java -Dproc_tasktracker -Xmx600m -server -Dlog4j.configuration=log4j.properties 28229 8218 Ssl 1098929040 1103:23 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 30645 Ssl 1098929444 1:27 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7444 Ssl 1098929009 5:53 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7446 Ssl 1098929009 6:12 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7455 Ssl 1098929009 6:07 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7848 Ssl 1098929009 6:32 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 2183 2194 S 0 0:00 | _ supervise log 2194 2205 Ss 680 2:06 | _ multilog s10485760 n500 ./main 2170 2184 S 0 0:00 _ readproctitle service errors: ............................................................................ Secure Hadoop @ eBay 17
Configuring A Service •A service consists of a directory: /var/lib/service/foo •Holds some files and directories: – start (optional) – run – notify (optional) – stop (optional) – log/run – log/main – env •To enable a service, put a symlink to it in /service, and svscan will start it: – ln –s /var/lib/service/foo /service/foo Secure Hadoop @ eBay 18
Sample run Scripts /service/tasktracker/run #!/bin/sh exec 2>&1 # Give the hadoop user access setfacl -R -m u:hadoop:rwx supervise exec envdir env setuidgid hadoop /apache/hadoop/bin/hadoop tasktracker /service/tasktracker/log/run #!/bin/sh # Give the hadoop user access setfacl -R -m u:hadoop:rwx supervise test -d main || install -o hadoop -d main exec setuidgid hadoop multilog s10485760 n500 ./main Secure Hadoop @ eBay 19
The env directory # pwd /service/datanode/env # head * ==> HADOOP_DATANODE_OPTS <== -Dhadoop.log.file.RFA.MaxBackupIndex=500 -Dhadoop.log.file.RFA.MaxFileSize=100MB ==> HADOOP_HOME <== /apache/hadoop ==> HADOOP_LOG_DIR <== /apache/hadoop/logs ==> HADOOP_LOGFILE <== hadoop-hadoop-datanode.log ==> HADOOP_ROOT_LOGGER <== INFO,RFA ==> HADOOP_SECURE_DN_USER <== Hadoop # Can use echo and rm to edit values! Secure Hadoop @ eBay 20
Service State Commands Secure Hadoop @ eBay 21 # svstat /service/* /service/datanode: up (pid 31690) 2774877 seconds, running /service/gmon: up (pid 24474) 41500 seconds, running /service/hbase-regionserver: up (pid 3221) 6475035 seconds, running /service/puppet: up (pid 11917) 2246936 seconds, running /service/tasktracker: up (pid 28229) 2757029 seconds, running # svc -t /service/datanode # sleep 10 # svstat /service/datanode /service/datanode: up (pid 8203) 10 seconds, running # svc -d /service/datanode # svstat /service/datanode /service/datanode: down 6 seconds, normally up, stopped # svc -u /service/datanode # sleep 10 # svstat /service/datanode /service/datanode: up (pid 9582) 10 seconds, running #
Questions ? Secure Hadoop @ eBay 22

Recommended

Social Connections 13 - Troubleshooting Connections Pink
Social Connections 13 - Troubleshooting Connections PinkSocial Connections 13 - Troubleshooting Connections Pink
Social Connections 13 - Troubleshooting Connections PinkNico Meisenzahl
 
Elk ruminating on logs
Elk ruminating on logsElk ruminating on logs
Elk ruminating on logsMathew Beane
 
Nagios Conference 2013 - Eric Stanley and Andy Brist - API and Nagios
Nagios Conference 2013 - Eric Stanley and Andy Brist - API and NagiosNagios Conference 2013 - Eric Stanley and Andy Brist - API and Nagios
Nagios Conference 2013 - Eric Stanley and Andy Brist - API and NagiosNagios
 
Why favor Icinga over Nagios @ DebConf15
Why favor Icinga over Nagios @ DebConf15Why favor Icinga over Nagios @ DebConf15
Why favor Icinga over Nagios @ DebConf15Icinga
 
Bee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingBee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingAngel Borroy López
 
Dave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceDave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceNagios
 
Icinga 2011 at Chemnitzer Linuxtage
Icinga 2011 at Chemnitzer LinuxtageIcinga 2011 at Chemnitzer Linuxtage
Icinga 2011 at Chemnitzer LinuxtageIcinga
 
From pets to cattle - powered by CoreOS, docker, Mesos & nginx
From pets to cattle - powered by CoreOS, docker, Mesos & nginxFrom pets to cattle - powered by CoreOS, docker, Mesos & nginx
From pets to cattle - powered by CoreOS, docker, Mesos & nginxQAware GmbH
 

Recommended

Social Connections 13 - Troubleshooting Connections Pink
Social Connections 13 - Troubleshooting Connections PinkSocial Connections 13 - Troubleshooting Connections Pink
Social Connections 13 - Troubleshooting Connections PinkNico Meisenzahl
 
Elk ruminating on logs
Elk ruminating on logsElk ruminating on logs
Elk ruminating on logsMathew Beane
 
Nagios Conference 2013 - Eric Stanley and Andy Brist - API and Nagios
Nagios Conference 2013 - Eric Stanley and Andy Brist - API and NagiosNagios Conference 2013 - Eric Stanley and Andy Brist - API and Nagios
Nagios Conference 2013 - Eric Stanley and Andy Brist - API and NagiosNagios
 
Why favor Icinga over Nagios @ DebConf15
Why favor Icinga over Nagios @ DebConf15Why favor Icinga over Nagios @ DebConf15
Why favor Icinga over Nagios @ DebConf15Icinga
 
Bee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingBee con2016 presentation_20160125004_installing
Bee con2016 presentation_20160125004_installingAngel Borroy López
 
Dave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceDave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceNagios
 
Icinga 2011 at Chemnitzer Linuxtage
Icinga 2011 at Chemnitzer LinuxtageIcinga 2011 at Chemnitzer Linuxtage
Icinga 2011 at Chemnitzer LinuxtageIcinga
 
From pets to cattle - powered by CoreOS, docker, Mesos & nginx
From pets to cattle - powered by CoreOS, docker, Mesos & nginxFrom pets to cattle - powered by CoreOS, docker, Mesos & nginx
From pets to cattle - powered by CoreOS, docker, Mesos & nginxQAware GmbH
 
ChatOps with Icinga and StackStorm
ChatOps with Icinga and StackStormChatOps with Icinga and StackStorm
ChatOps with Icinga and StackStormIcinga
 
OSMC 2021 | Monitoring @ G&D
OSMC 2021 | Monitoring @ G&DOSMC 2021 | Monitoring @ G&D
OSMC 2021 | Monitoring @ G&DNETWAYS
 
Ef09 installing-alfresco-components-1-by-1
Ef09 installing-alfresco-components-1-by-1Ef09 installing-alfresco-components-1-by-1
Ef09 installing-alfresco-components-1-by-1Angel Borroy López
 
State of Development - Icinga Meetup Linz August 2019
State of Development - Icinga Meetup Linz August 2019State of Development - Icinga Meetup Linz August 2019
State of Development - Icinga Meetup Linz August 2019Icinga
 
Monitoring Open Source Databases with Icinga
Monitoring Open Source Databases with IcingaMonitoring Open Source Databases with Icinga
Monitoring Open Source Databases with IcingaIcinga
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga
 
Icinga @OSMC 2013
Icinga @OSMC 2013Icinga @OSMC 2013
Icinga @OSMC 2013Icinga
 
Creating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleCreating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleSean Chittenden
 
(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in AlfrescoAngel Borroy López
 
Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copyNETWAYS
 
Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0Angel Borroy López
 
Oracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerOracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerGuatemala User Group
 
Bee con2016 lightning_20160125005_ocr
Bee con2016 lightning_20160125005_ocrBee con2016 lightning_20160125005_ocr
Bee con2016 lightning_20160125005_ocrAngel Borroy López
 
Oracle SOA suite and Coherence dehydration
Oracle SOA suite and Coherence dehydrationOracle SOA suite and Coherence dehydration
Oracle SOA suite and Coherence dehydrationMichel Schildmeijer
 
Icinga 2011 at Nagios Workshop
Icinga 2011 at Nagios WorkshopIcinga 2011 at Nagios Workshop
Icinga 2011 at Nagios WorkshopIcinga
 
Alfresco Certificates
Alfresco Certificates Alfresco Certificates
Alfresco Certificates Angel Borroy López
 
Docker for Ruby Developers
Docker for Ruby DevelopersDocker for Ruby Developers
Docker for Ruby DevelopersAptible
 
Practical guide to Oracle Virtual environments
Practical guide to Oracle Virtual environmentsPractical guide to Oracle Virtual environments
Practical guide to Oracle Virtual environmentsNelson Calero
 
NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!Jeff Anderson
 
Why favour Icinga over Nagios @ OSDC 2015
Why favour Icinga over Nagios @ OSDC 2015Why favour Icinga over Nagios @ OSDC 2015
Why favour Icinga over Nagios @ OSDC 2015Icinga
 
Unlawful Workplace Violations: [How Companies Break The Law]
Unlawful Workplace Violations: [How Companies Break The Law]Unlawful Workplace Violations: [How Companies Break The Law]
Unlawful Workplace Violations: [How Companies Break The Law]Richard Celler
 
Wondersoft WhoIsIn
Wondersoft WhoIsInWondersoft WhoIsIn
Wondersoft WhoIsInsabharishankar
 

More Related Content

What's hot

ChatOps with Icinga and StackStorm
ChatOps with Icinga and StackStormChatOps with Icinga and StackStorm
ChatOps with Icinga and StackStormIcinga
 
OSMC 2021 | Monitoring @ G&D
OSMC 2021 | Monitoring @ G&DOSMC 2021 | Monitoring @ G&D
OSMC 2021 | Monitoring @ G&DNETWAYS
 
Ef09 installing-alfresco-components-1-by-1
Ef09 installing-alfresco-components-1-by-1Ef09 installing-alfresco-components-1-by-1
Ef09 installing-alfresco-components-1-by-1Angel Borroy López
 
State of Development - Icinga Meetup Linz August 2019
State of Development - Icinga Meetup Linz August 2019State of Development - Icinga Meetup Linz August 2019
State of Development - Icinga Meetup Linz August 2019Icinga
 
Monitoring Open Source Databases with Icinga
Monitoring Open Source Databases with IcingaMonitoring Open Source Databases with Icinga
Monitoring Open Source Databases with IcingaIcinga
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga
 
Icinga @OSMC 2013
Icinga @OSMC 2013Icinga @OSMC 2013
Icinga @OSMC 2013Icinga
 
Creating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleCreating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleSean Chittenden
 
(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in AlfrescoAngel Borroy López
 
Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copyNETWAYS
 
Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0Angel Borroy López
 
Oracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerOracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerGuatemala User Group
 
Bee con2016 lightning_20160125005_ocr
Bee con2016 lightning_20160125005_ocrBee con2016 lightning_20160125005_ocr
Bee con2016 lightning_20160125005_ocrAngel Borroy López
 
Oracle SOA suite and Coherence dehydration
Oracle SOA suite and Coherence dehydrationOracle SOA suite and Coherence dehydration
Oracle SOA suite and Coherence dehydrationMichel Schildmeijer
 
Icinga 2011 at Nagios Workshop
Icinga 2011 at Nagios WorkshopIcinga 2011 at Nagios Workshop
Icinga 2011 at Nagios WorkshopIcinga
 
Docker for Ruby Developers
Docker for Ruby DevelopersDocker for Ruby Developers
Docker for Ruby DevelopersAptible
 
Practical guide to Oracle Virtual environments
Practical guide to Oracle Virtual environmentsPractical guide to Oracle Virtual environments
Practical guide to Oracle Virtual environmentsNelson Calero
 
NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!Jeff Anderson
 
Why favour Icinga over Nagios @ OSDC 2015
Why favour Icinga over Nagios @ OSDC 2015Why favour Icinga over Nagios @ OSDC 2015
Why favour Icinga over Nagios @ OSDC 2015Icinga
 

What's hot (20)

ChatOps with Icinga and StackStorm
ChatOps with Icinga and StackStormChatOps with Icinga and StackStorm
ChatOps with Icinga and StackStorm
 
OSMC 2021 | Monitoring @ G&D
OSMC 2021 | Monitoring @ G&DOSMC 2021 | Monitoring @ G&D
OSMC 2021 | Monitoring @ G&D
 
Ef09 installing-alfresco-components-1-by-1
Ef09 installing-alfresco-components-1-by-1Ef09 installing-alfresco-components-1-by-1
Ef09 installing-alfresco-components-1-by-1
 
State of Development - Icinga Meetup Linz August 2019
State of Development - Icinga Meetup Linz August 2019State of Development - Icinga Meetup Linz August 2019
State of Development - Icinga Meetup Linz August 2019
 
Monitoring Open Source Databases with Icinga
Monitoring Open Source Databases with IcingaMonitoring Open Source Databases with Icinga
Monitoring Open Source Databases with Icinga
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San Francisco
 
Icinga @OSMC 2013
Icinga @OSMC 2013Icinga @OSMC 2013
Icinga @OSMC 2013
 
Creating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at ScaleCreating PostgreSQL-as-a-Service at Scale
Creating PostgreSQL-as-a-Service at Scale
 
(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco(Re)Indexing Large Repositories in Alfresco
(Re)Indexing Large Repositories in Alfresco
 
Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copy
 
Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0Discovering the 2 in Alfresco Search Services 2.0
Discovering the 2 in Alfresco Search Services 2.0
 
Oracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with DockerOracle WebLogic Server 12c with Docker
Oracle WebLogic Server 12c with Docker
 
Bee con2016 lightning_20160125005_ocr
Bee con2016 lightning_20160125005_ocrBee con2016 lightning_20160125005_ocr
Bee con2016 lightning_20160125005_ocr
 
Oracle SOA suite and Coherence dehydration
Oracle SOA suite and Coherence dehydrationOracle SOA suite and Coherence dehydration
Oracle SOA suite and Coherence dehydration
 
Icinga 2011 at Nagios Workshop
Icinga 2011 at Nagios WorkshopIcinga 2011 at Nagios Workshop
Icinga 2011 at Nagios Workshop
 
Alfresco Certificates
Alfresco Certificates Alfresco Certificates
Alfresco Certificates
 
Docker for Ruby Developers
Docker for Ruby DevelopersDocker for Ruby Developers
Docker for Ruby Developers
 
Practical guide to Oracle Virtual environments
Practical guide to Oracle Virtual environmentsPractical guide to Oracle Virtual environments
Practical guide to Oracle Virtual environments
 
NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!NGINX Can Do That? Test Drive Your Config File!
NGINX Can Do That? Test Drive Your Config File!
 
Why favour Icinga over Nagios @ OSDC 2015
Why favour Icinga over Nagios @ OSDC 2015Why favour Icinga over Nagios @ OSDC 2015
Why favour Icinga over Nagios @ OSDC 2015
 

Viewers also liked

Unlawful Workplace Violations: [How Companies Break The Law]
Unlawful Workplace Violations: [How Companies Break The Law]Unlawful Workplace Violations: [How Companies Break The Law]
Unlawful Workplace Violations: [How Companies Break The Law]Richard Celler
 
5 Great Types of Posts That Will Bring Traffic to your Blog
5 Great Types of Posts That Will Bring Traffic to your Blog5 Great Types of Posts That Will Bring Traffic to your Blog
5 Great Types of Posts That Will Bring Traffic to your BlogLinkNow Media
 
SDA Supplier of the year from Dixons retail
SDA Supplier of the year from Dixons retailSDA Supplier of the year from Dixons retail
SDA Supplier of the year from Dixons retailAlistair Roberts
 
Process & Communication Automation •Utilizing software to automate business-c...
Process & Communication Automation •Utilizing software to automate business-c...Process & Communication Automation •Utilizing software to automate business-c...
Process & Communication Automation •Utilizing software to automate business-c...PHX Startup Week
 
Maternity Leave Rights [FAQ] Answered
Maternity Leave Rights [FAQ] AnsweredMaternity Leave Rights [FAQ] Answered
Maternity Leave Rights [FAQ] AnsweredRichard Celler
 
Nifaaq presentation
Nifaaq presentationNifaaq presentation
Nifaaq presentationM Akhtar
 
Idioms with pictures 10
Idioms with pictures 10Idioms with pictures 10
Idioms with pictures 10Akmal Ariffin
 

Viewers also liked (11)

Unlawful Workplace Violations: [How Companies Break The Law]
Unlawful Workplace Violations: [How Companies Break The Law]Unlawful Workplace Violations: [How Companies Break The Law]
Unlawful Workplace Violations: [How Companies Break The Law]
 
Wondersoft WhoIsIn
Wondersoft WhoIsInWondersoft WhoIsIn
Wondersoft WhoIsIn
 
5 Great Types of Posts That Will Bring Traffic to your Blog
5 Great Types of Posts That Will Bring Traffic to your Blog5 Great Types of Posts That Will Bring Traffic to your Blog
5 Great Types of Posts That Will Bring Traffic to your Blog
 
SDA Supplier of the year from Dixons retail
SDA Supplier of the year from Dixons retailSDA Supplier of the year from Dixons retail
SDA Supplier of the year from Dixons retail
 
Đèn LED chiếu sáng khu vực chung nhà xưởng
Đèn LED chiếu sáng khu vực chung nhà xưởngĐèn LED chiếu sáng khu vực chung nhà xưởng
Đèn LED chiếu sáng khu vực chung nhà xưởng
 
Process & Communication Automation •Utilizing software to automate business-c...
Process & Communication Automation •Utilizing software to automate business-c...Process & Communication Automation •Utilizing software to automate business-c...
Process & Communication Automation •Utilizing software to automate business-c...
 
Pregnancy Discrimination
Pregnancy DiscriminationPregnancy Discrimination
Pregnancy Discrimination
 
Maternity Leave Rights [FAQ] Answered
Maternity Leave Rights [FAQ] AnsweredMaternity Leave Rights [FAQ] Answered
Maternity Leave Rights [FAQ] Answered
 
Nifaaq presentation
Nifaaq presentationNifaaq presentation
Nifaaq presentation
 
Movie script
Movie scriptMovie script
Movie script
 
Idioms with pictures 10
Idioms with pictures 10Idioms with pictures 10
Idioms with pictures 10
 

Similar to Securing Hadoop @eBay

IBM Think 2018 - IBM Connections Troubleshooting
IBM Think 2018 - IBM Connections TroubleshootingIBM Think 2018 - IBM Connections Troubleshooting
IBM Think 2018 - IBM Connections TroubleshootingNico Meisenzahl
 
MySQL 5.6 Replication Webinar
MySQL 5.6 Replication WebinarMySQL 5.6 Replication Webinar
MySQL 5.6 Replication WebinarMark Swarbrick
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsLetsConnect
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Pavel Chunyayev
 
Host Health Monitoring with Docker Run
Host Health Monitoring with Docker RunHost Health Monitoring with Docker Run
Host Health Monitoring with Docker RunNoah Zoschke
 
Real-time Big Data Analytics Engine using Impala
Real-time Big Data Analytics Engine using ImpalaReal-time Big Data Analytics Engine using Impala
Real-time Big Data Analytics Engine using ImpalaJason Shih
 
be the captain of your connections deployment
be the captain of your connections deploymentbe the captain of your connections deployment
be the captain of your connections deploymentSharon James
 
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 20161049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016panagenda
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performanceEngine Yard
 
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 Geir Høydalsvik
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)Mathew Beane
 
CIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMCIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMICF CIRCUIT
 
Icinga Camp Bangalore - Icinga integrations
Icinga Camp Bangalore - Icinga integrationsIcinga Camp Bangalore - Icinga integrations
Icinga Camp Bangalore - Icinga integrationsIcinga
 
Apache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutApache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutSander Temme
 
Adm02. IBM Connections Adminblast
Adm02. IBM Connections AdminblastAdm02. IBM Connections Adminblast
Adm02. IBM Connections Adminblastpanagenda
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Miguel Zuniga
 
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Colin Charles
 
MySQL replication best practices 105-232-931
MySQL replication best practices 105-232-931MySQL replication best practices 105-232-931
MySQL replication best practices 105-232-931Baruch Osoveskiy
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitColin Charles
 

Similar to Securing Hadoop @eBay (20)

IBM Think 2018 - IBM Connections Troubleshooting
IBM Think 2018 - IBM Connections TroubleshootingIBM Think 2018 - IBM Connections Troubleshooting
IBM Think 2018 - IBM Connections Troubleshooting
 
MySQL 5.6 Replication Webinar
MySQL 5.6 Replication WebinarMySQL 5.6 Replication Webinar
MySQL 5.6 Replication Webinar
 
Best And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM ConnectionsBest And Worst Practices Deploying IBM Connections
Best And Worst Practices Deploying IBM Connections
 
Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015Ansible benelux meetup - Amsterdam 27-5-2015
Ansible benelux meetup - Amsterdam 27-5-2015
 
Host Health Monitoring with Docker Run
Host Health Monitoring with Docker RunHost Health Monitoring with Docker Run
Host Health Monitoring with Docker Run
 
Real-time Big Data Analytics Engine using Impala
Real-time Big Data Analytics Engine using ImpalaReal-time Big Data Analytics Engine using Impala
Real-time Big Data Analytics Engine using Impala
 
be the captain of your connections deployment
be the captain of your connections deploymentbe the captain of your connections deployment
be the captain of your connections deployment
 
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 20161049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
 
6 tips for improving ruby performance
6 tips for improving ruby performance6 tips for improving ruby performance
6 tips for improving ruby performance
 
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015 2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
2015: Whats New in MySQL 5.7, At Oracle Open World, November 3rd, 2015
 
ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)ELK Ruminating on Logs (Zendcon 2016)
ELK Ruminating on Logs (Zendcon 2016)
 
CIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEMCIRCUIT 2015 - Monitoring AEM
CIRCUIT 2015 - Monitoring AEM
 
Galera webinar migration to galera cluster from my sql async replication
Galera webinar migration to galera cluster from my sql async replicationGalera webinar migration to galera cluster from my sql async replication
Galera webinar migration to galera cluster from my sql async replication
 
Icinga Camp Bangalore - Icinga integrations
Icinga Camp Bangalore - Icinga integrationsIcinga Camp Bangalore - Icinga integrations
Icinga Camp Bangalore - Icinga integrations
 
Apache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling OutApache Performance Tuning: Scaling Out
Apache Performance Tuning: Scaling Out
 
Adm02. IBM Connections Adminblast
Adm02. IBM Connections AdminblastAdm02. IBM Connections Adminblast
Adm02. IBM Connections Adminblast
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014
 
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015
 
MySQL replication best practices 105-232-931
MySQL replication best practices 105-232-931MySQL replication best practices 105-232-931
MySQL replication best practices 105-232-931
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web Summit
 

More from DataWorks Summit

Floating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache RatisFloating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache RatisDataWorks Summit
 
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiTracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiDataWorks Summit
 
HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...DataWorks Summit
 
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...DataWorks Summit
 
Managing the Dewey Decimal System
Managing the Dewey Decimal SystemManaging the Dewey Decimal System
Managing the Dewey Decimal SystemDataWorks Summit
 
Practical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist ExamplePractical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist ExampleDataWorks Summit
 
HBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at UberHBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at UberDataWorks Summit
 
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixScaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixDataWorks Summit
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiDataWorks Summit
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsDataWorks Summit
 
Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureDataWorks Summit
 
Presto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything EnginePresto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything EngineDataWorks Summit
 
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...DataWorks Summit
 
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudDataWorks Summit
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiDataWorks Summit
 
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerSecuring Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerDataWorks Summit
 
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...DataWorks Summit
 
Computer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near YouComputer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near YouDataWorks Summit
 
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkBig Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkDataWorks Summit
 

More from DataWorks Summit (20)

Data Science Crash Course
Data Science Crash CourseData Science Crash Course
Data Science Crash Course
 
Floating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache RatisFloating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache Ratis
 
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiTracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
 
HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...
 
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
 
Managing the Dewey Decimal System
Managing the Dewey Decimal SystemManaging the Dewey Decimal System
Managing the Dewey Decimal System
 
Practical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist ExamplePractical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist Example
 
HBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at UberHBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at Uber
 
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixScaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability Improvements
 
Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant Architecture
 
Presto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything EnginePresto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything Engine
 
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
 
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
 
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerSecuring Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
 
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
 
Computer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near YouComputer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near You
 
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkBig Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
 

Recently uploaded

Hire 💕 8617697112 Kasauli Call Girls Service Call Girls Agency
Hire 💕 8617697112 Kasauli Call Girls Service Call Girls AgencyHire 💕 8617697112 Kasauli Call Girls Service Call Girls Agency
Hire 💕 8617697112 Kasauli Call Girls Service Call Girls AgencyNitya salvi
 
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual serviceanilsa9823
 
Top Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash Payment
Top Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash PaymentTop Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash Payment
Top Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash Paymentanilsa9823
 
( Sports training) All topic (MCQs).pptx
( Sports training) All topic (MCQs).pptx( Sports training) All topic (MCQs).pptx
( Sports training) All topic (MCQs).pptxParshotamGupta1
 
Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...
Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...
Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...World Wide Tickets And Hospitality
 
Technical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics Trade
Technical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics TradeTechnical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics Trade
Technical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics TradeOptics-Trade
 
Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...
Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...
Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...baharayali
 
JORNADA 5 LIGA MURO 2024INSUGURACION.pdf
JORNADA 5 LIGA MURO 2024INSUGURACION.pdfJORNADA 5 LIGA MURO 2024INSUGURACION.pdf
JORNADA 5 LIGA MURO 2024INSUGURACION.pdfArturo Pacheco Alvarez
 
Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...
Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...
Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...Neil Horowitz
 
CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣
CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣
CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣anilsa9823
 
08448380779 Call Girls In Lajpat Nagar Women Seeking Men
08448380779 Call Girls In Lajpat Nagar Women Seeking Men08448380779 Call Girls In Lajpat Nagar Women Seeking Men
08448380779 Call Girls In Lajpat Nagar Women Seeking MenDelhi Call girls
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Who Is Emmanuel Katto Uganda? His Career, personal life etc.
Who Is Emmanuel Katto Uganda? His Career, personal life etc.Who Is Emmanuel Katto Uganda? His Career, personal life etc.
Who Is Emmanuel Katto Uganda? His Career, personal life etc.Marina Costa
 
08448380779 Call Girls In IIT Women Seeking Men
08448380779 Call Girls In IIT Women Seeking Men08448380779 Call Girls In IIT Women Seeking Men
08448380779 Call Girls In IIT Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Karol Bagh Women Seeking Men
08448380779 Call Girls In Karol Bagh Women Seeking Men08448380779 Call Girls In Karol Bagh Women Seeking Men
08448380779 Call Girls In Karol Bagh Women Seeking MenDelhi Call girls
 
TAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdf
TAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdfTAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdf
TAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdfSocial Samosa
 
08448380779 Call Girls In International Airport Women Seeking Men
08448380779 Call Girls In International Airport Women Seeking Men08448380779 Call Girls In International Airport Women Seeking Men
08448380779 Call Girls In International Airport Women Seeking MenDelhi Call girls
 
9990611130 Find & Book Russian Call Girls In Ghazipur
9990611130 Find & Book Russian Call Girls In Ghazipur9990611130 Find & Book Russian Call Girls In Ghazipur
9990611130 Find & Book Russian Call Girls In GhazipurGenuineGirls
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺anilsa9823
 

Recently uploaded (20)

Hire 💕 8617697112 Kasauli Call Girls Service Call Girls Agency
Hire 💕 8617697112 Kasauli Call Girls Service Call Girls AgencyHire 💕 8617697112 Kasauli Call Girls Service Call Girls Agency
Hire 💕 8617697112 Kasauli Call Girls Service Call Girls Agency
 
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Chinhat Lucknow best sexual service
 
Top Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash Payment
Top Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash PaymentTop Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash Payment
Top Call Girls In Jankipuram ( Lucknow ) 🔝 8923113531 🔝 Cash Payment
 
( Sports training) All topic (MCQs).pptx
( Sports training) All topic (MCQs).pptx( Sports training) All topic (MCQs).pptx
( Sports training) All topic (MCQs).pptx
 
Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...
Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...
Spain Vs Italy 20 players confirmed for Spain's Euro 2024 squad, and three po...
 
Technical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics Trade
Technical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics TradeTechnical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics Trade
Technical Data | Sig Sauer Easy6 BDX 1-6x24 | Optics Trade
 
Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...
Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...
Asli Kala jadu, Black magic specialist in Pakistan Or Kala jadu expert in Egy...
 
JORNADA 5 LIGA MURO 2024INSUGURACION.pdf
JORNADA 5 LIGA MURO 2024INSUGURACION.pdfJORNADA 5 LIGA MURO 2024INSUGURACION.pdf
JORNADA 5 LIGA MURO 2024INSUGURACION.pdf
 
Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...
Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...
Atlanta Dream Exec Dan Gadd on Driving Fan Engagement and Growth, Serving the...
 
CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣
CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣
CALL ON ➥8923113531 🔝Call Girls Telibagh Lucknow best Night Fun service 🧣
 
08448380779 Call Girls In Lajpat Nagar Women Seeking Men
08448380779 Call Girls In Lajpat Nagar Women Seeking Men08448380779 Call Girls In Lajpat Nagar Women Seeking Men
08448380779 Call Girls In Lajpat Nagar Women Seeking Men
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Call Girls Service Noida Extension @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Noida Extension @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...Call Girls Service Noida Extension @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Noida Extension @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
Who Is Emmanuel Katto Uganda? His Career, personal life etc.
Who Is Emmanuel Katto Uganda? His Career, personal life etc.Who Is Emmanuel Katto Uganda? His Career, personal life etc.
Who Is Emmanuel Katto Uganda? His Career, personal life etc.
 
08448380779 Call Girls In IIT Women Seeking Men
08448380779 Call Girls In IIT Women Seeking Men08448380779 Call Girls In IIT Women Seeking Men
08448380779 Call Girls In IIT Women Seeking Men
 
08448380779 Call Girls In Karol Bagh Women Seeking Men
08448380779 Call Girls In Karol Bagh Women Seeking Men08448380779 Call Girls In Karol Bagh Women Seeking Men
08448380779 Call Girls In Karol Bagh Women Seeking Men
 
TAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdf
TAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdfTAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdf
TAM Sports_IPL 17 Till Match 37_Celebrity Endorsement _Report.pdf
 
08448380779 Call Girls In International Airport Women Seeking Men
08448380779 Call Girls In International Airport Women Seeking Men08448380779 Call Girls In International Airport Women Seeking Men
08448380779 Call Girls In International Airport Women Seeking Men
 
9990611130 Find & Book Russian Call Girls In Ghazipur
9990611130 Find & Book Russian Call Girls In Ghazipur9990611130 Find & Book Russian Call Girls In Ghazipur
9990611130 Find & Book Russian Call Girls In Ghazipur
 
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best Female service 🦺
 

Securing Hadoop @eBay

  • 1. Secure Hadoop @ eBay Benoy Antony & Jos Backus
  • 3. Cluster Facts •Shared clusters & dedicated clusters •10s of PB and 10’s of thousands of slots per cluster •Runs HDP 1.2 •Used Primarily for analysis of user behavior and inventory •Mix of production jobs and ad-hoc jobs •Mix of MR, Hive, Pig, Cascading, Streaming etc. Secure Hadoop @ eBay 3
  • 4. Why is Security needed at eBay ? •To control access to sensitive data – ACLS are ineffective without strong authentication •To execute tasks as the Job submitter •Build new features – Encryption Secure Hadoop @ eBay 4
  • 5. Hadoop Security Overview •Authentication using Kerberos •Authorization via ACLs. •Group and user information using LDAP •Pluggable authentication for webui Secure Hadoop @ eBay 5
  • 6. Security Infrastructure @ eBay •Cluster machines including Gateway are inside the firewall •Uses Active Directory for Kerberos and LDAP •Separate Domain for users and Hadoop Servers CORP AD Gate way JT NN HBM DN TT RS DN TT RS Hadoop AD Secure Hadoop @ eBay 6
  • 7. Advantages of Separate user and Server Domains •Separates User and Server Authentication •Prevents additional Kerberos and LDAP traffic to Corp Servers •Hadoop team can manage Hadoop Server Accounts CORP AD Hadoop AD Secure Hadoop @ eBay 7 Hadoop Cluster Nodes Server accounts User accounts
  • 8. Syncing Hadoop User Information •All nodes require User and Group Information – Permissions checks – Running tasks •Hadoop AD should contain user and group information •Periodic synchronization of user information from CORP AD to Hadoop AD – LDAP Synchronization Connector – User’s password is not synced. CORP AD Gate way JT NN DN TT DN TT Hadoop AD Secure Hadoop @ eBay 8 LSC Hadoop groups Hadoop users Batch accounts
  • 9. No Cross Domain Trust ! •Modified Hadoop Authentication Layer – Hadoop Masters have two principals and corresponding keytabs •hdfs/namenode@hadoop.ebay.com •hdfs/namenode@corp.ebay.com – Loads server principal and key based on the client – Require changes in Hadoop, Hbase and Zookeeper servers. NN Hadoop AD DN TT hdfs/nn@hadoop hdfs/nn@corp Secure Hadoop @ eBay 9 CORP AD Obtain service ticket for hdfs/nn Obtain service ticket for hdfs/nn
  • 10. User Authentication - Obtaining tickets •Ad-hoc jobs/queries are run using personal accounts – PAM module fetches tickets at login – kinit when tickets expire. •Production jobs are run using batch accounts. – Uses keytabs to obtain tickets – Automatic ticket renewal using K5start – Enabled transparent security rollout Secure Hadoop @ eBay 10
  • 11. Encrypting Sensitive Data •Use case – Copies encrypted data to the cluster. – Key identifiers passed during job submission. – Job Client fetches Keys from Key Store using user’s credentials – Key Values protected using Cluster’s public key •Work in progress Key Store Job Client Read secrets JJob, S Secure Hadoop @ eBay 11 Hadoop Cluster
  • 12. Direct Access to the cluster •Current Cluster Access is through the Gateway machine •Direct Access to cluster from Desktops – The communication should be encrypted – Communication inside the firewall need not be encrypted •Advantages – Increases user productivity – Reduce utilization of Gateway Gate wayssh Secure Hadoop @ eBay 12 Hadoop Cluster Auth Auth+Privacy
  • 13. Summary •Infrastructure using Active Directory and separate domains •Authentication across domains without domain trust •Rollout with minimal disruption •Additional security features Secure Hadoop @ eBay 13
  • 14. Process Supervision •Why? •What? •Process tree •Configuring a service •Sample run scripts •Service state commands •The env directory Secure Hadoop @ eBay 14
  • 15. Why? •Daemons die from time to time – We don’t know about it – Would be nice if we could do something about it in a smart way •There are different ways to control daemons – Not portable – Changes with platform – Some init scripts are not well-written – Some ways require sudo – Caller’s environment can affect how daemon runs – Some ways don’t handle automatic restarts  Enter process supervision! Secure Hadoop @ eBay 15
  • 16. What? •daemontools-encore: a uniform mechanism to control daemons – Simple command set: svc, svstat, svup, svok – Supports process state change callback (notify script) •Alert when a daemon crashes •Smart restarts (don’t restart if trashing) – Can be used for one-shot jobs (svc –o) – Portable, runs on many UNIX versions – Robust and reliable code (small is beautiful) – Includes configurable log management •multilog manages stdout, stderr output •Never fill up your disks •Multiple log queues possible (e.g. everything, errors only) Secure Hadoop @ eBay 16
  • 17. Process Tree PPID PID STAT UID TIME COMMAND 1 2170 Ss 0 0:00 /bin/sh /usr/bin/svscanboot 2170 2183 S 0 1:35 _ svscan /service 2183 2185 S 0 0:00 | _ supervise gmon 2185 6494 Ss 101 0:02 | | _ /usr/sbin/gmond --foreground 2183 2186 S 0 0:00 | _ supervise log 2186 2198 Ss 101 0:00 | | _ multilog t ./main 2183 2187 S 0 0:00 | _ supervise puppet 2187 11917 Ssl 0 0:30 | | _ /apache/ruby-1.9.3/bin/ruby /apache/ruby-1.9.3/bin/puppet agent --no-daemonize --debug 2183 2188 S 0 0:00 | _ supervise log 2188 2199 Ss 52 0:54 | | _ multilog t ./main 2183 2189 S 0 0:00 | _ supervise hbase-regionserver 2189 3221 Ssl 680 7823:56 | | _ /usr/java/latest/bin/java -XX:OnOutOfMemoryError=kill -9 %p -Xmx1000m -ea -XX:+HeapDumpOnOutOfMemoryError 2183 2190 S 0 0:00 | _ supervise log 2190 2196 Ss 680 0:00 | | _ multilog s10485760 n500 ./main 2183 2191 S 0 0:00 | _ supervise datanode 2191 31690 Ss 0 0:00 | | _ jsvc.exec -Dproc_datanode -outfile /apache/hadoop-1.1.2.22/libexec/../logs/jsvc.out 31690 31795 Sl 680 2457:22 | | _ jsvc.exec -Dproc_datanode -outfile /apache/hadoop-1.1.2.22/libexec/../logs/jsvc.out 2183 2192 S 0 0:00 | _ supervise log 2192 2204 Ss 680 0:00 | | _ multilog s10485760 n500 ./main 2183 2193 S 0 3:39 | _ supervise tasktracker 2193 28229 Ssl 680 1587:34 | | _ /usr/java/latest/bin/java -Dproc_tasktracker -Xmx600m -server -Dlog4j.configuration=log4j.properties 28229 8218 Ssl 1098929040 1103:23 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 30645 Ssl 1098929444 1:27 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7444 Ssl 1098929009 5:53 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7446 Ssl 1098929009 6:12 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7455 Ssl 1098929009 6:07 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 28229 7848 Ssl 1098929009 6:32 | | _ /usr/java/jdk1.6.0_31/jre/bin/java -Djava.library.path=/apache/hadoop-1.1.2.22/libexec/../ 2183 2194 S 0 0:00 | _ supervise log 2194 2205 Ss 680 2:06 | _ multilog s10485760 n500 ./main 2170 2184 S 0 0:00 _ readproctitle service errors: ............................................................................ Secure Hadoop @ eBay 17
  • 18. Configuring A Service •A service consists of a directory: /var/lib/service/foo •Holds some files and directories: – start (optional) – run – notify (optional) – stop (optional) – log/run – log/main – env •To enable a service, put a symlink to it in /service, and svscan will start it: – ln –s /var/lib/service/foo /service/foo Secure Hadoop @ eBay 18
  • 19. Sample run Scripts /service/tasktracker/run #!/bin/sh exec 2>&1 # Give the hadoop user access setfacl -R -m u:hadoop:rwx supervise exec envdir env setuidgid hadoop /apache/hadoop/bin/hadoop tasktracker /service/tasktracker/log/run #!/bin/sh # Give the hadoop user access setfacl -R -m u:hadoop:rwx supervise test -d main || install -o hadoop -d main exec setuidgid hadoop multilog s10485760 n500 ./main Secure Hadoop @ eBay 19
  • 20. The env directory # pwd /service/datanode/env # head * ==> HADOOP_DATANODE_OPTS <== -Dhadoop.log.file.RFA.MaxBackupIndex=500 -Dhadoop.log.file.RFA.MaxFileSize=100MB ==> HADOOP_HOME <== /apache/hadoop ==> HADOOP_LOG_DIR <== /apache/hadoop/logs ==> HADOOP_LOGFILE <== hadoop-hadoop-datanode.log ==> HADOOP_ROOT_LOGGER <== INFO,RFA ==> HADOOP_SECURE_DN_USER <== Hadoop # Can use echo and rm to edit values! Secure Hadoop @ eBay 20
  • 21. Service State Commands Secure Hadoop @ eBay 21 # svstat /service/* /service/datanode: up (pid 31690) 2774877 seconds, running /service/gmon: up (pid 24474) 41500 seconds, running /service/hbase-regionserver: up (pid 3221) 6475035 seconds, running /service/puppet: up (pid 11917) 2246936 seconds, running /service/tasktracker: up (pid 28229) 2757029 seconds, running # svc -t /service/datanode # sleep 10 # svstat /service/datanode /service/datanode: up (pid 8203) 10 seconds, running # svc -d /service/datanode # svstat /service/datanode /service/datanode: down 6 seconds, normally up, stopped # svc -u /service/datanode # sleep 10 # svstat /service/datanode /service/datanode: up (pid 9582) 10 seconds, running #