Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Up-Armoring The Elephant: Adding Kerberos-based Security to Hadoop

5,678 views

Published on

Presented at HadoopDay, Seattle, 2010.

Published in: Technology
  • Be the first to comment

Up-Armoring The Elephant: Adding Kerberos-based Security to Hadoop

  1. 1. Up-Armoring the Elephant<br />Secure Hadoop is Here<br />Jakob Homan<br />jhoman@yahoo-inc.com<br />
  2. 2. Who I am<br />8/14/10<br />2<br />
  3. 3. Using Hadoop at Yahoo!<br />8/14/10<br />3<br />
  4. 4. As of 2009, 72% percent of patches going into the Hadoop source code were coming from Yahoo!<br />Developing Hadoop at Yahoo!<br />8/14/10<br />4<br />
  5. 5. Yahoo! provides extensive QE and QA resources to test Hadoop releases at scale.<br />Developing Hadoop at Yahoo!<br />8/14/10<br />5<br />
  6. 6. Developing Hadoop at Yahoo!<br />8/14/10<br />6<br />The Yahoo! distribution of Hadoop, available on Github, is the same code we run internally on our servers.<br />Patches important to stability and performance and stability are applied here, as well as Apache.<br />
  7. 7. Developing Hadoop at Yahoo!<br />8/14/10<br />7<br />The rest of the family<br />
  8. 8. Hadoop at Yahoo! Sunnyvale<br />8/14/10<br />8<br />
  9. 9. Why do we need a secure Hadoop?<br />8/14/10<br />9<br />
  10. 10. Current state of security in Hadoop<br />8/14/10<br />10<br />
  11. 11. Current state of security in Hadoop<br />8/14/10<br />11<br />Bowser copyright Nintendo<br />
  12. 12. The elephant is too trusting<br />8/14/10<br />12<br />
  13. 13. Which can let bad people do bad things<br />8/14/10<br />13<br />
  14. 14. Why is securing Hadoop hard?<br />8/14/10<br />14<br />
  15. 15. Enter Kerberos!<br />8/14/10<br />15<br />
  16. 16. Kerberos workflow<br />8/14/10<br />16<br />
  17. 17. RPC upgraded to use SASL/GSSAPI<br />8/14/10<br />17<br />
  18. 18. What does a secure Hadoop look like?<br />8/14/10<br />18<br />
  19. 19. Like this<br />8/14/10<br />19<br />
  20. 20. Everyone now authenticated<br />8/14/10<br />20<br />
  21. 21. Additional security throughout system<br />8/14/10<br />21<br />
  22. 22. How do I write a secure MapReduce job?<br />8/14/10<br />22<br />
  23. 23. This is how<br />8/14/10<br />23<br />Nochanges!<br />
  24. 24. Significant user-facing changes<br />8/14/10<br />24<br />
  25. 25. Secure web access is pluggable<br />8/14/10<br />25<br />
  26. 26. DistCP works… in 3 out of 4 cases<br />8/14/10<br />26<br />
  27. 27. Out of scope<br />8/14/10<br />27<br />
  28. 28. Impact on performance<br />8/14/10<br />28<br />
  29. 29. Take security for a test drive<br />8/14/10<br />29<br />
  30. 30. Or build a secure cluster at home<br />8/14/10<br />30<br />
  31. 31. Other projects and security<br />8/14/10<br />31<br />
  32. 32. Current state<br />8/14/10<br />32<br />
  33. 33. Current state<br />8/14/10<br />33<br />
  34. 34. Security list<br />8/14/10<br />34<br />
  35. 35. Questions?<br />8/14/10<br />35<br />

×