Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
MapReduce, mail # user - Using certificates to secure Hadoop


+
Fabio Pitzolu 2013-01-22, 15:20
Copy link to this message
-
Re: Using certificates to secure Hadoop
Nitin Pawar 2013-01-22, 16:56
on network level easy way would be you host your entire infrastructure into
a private network with just one internet facing gateway via which your
client can access your webservice. And in case you need to access internet
for hadoop/oozie then you can setup a NAT
this will be like building your private cloud infra with different internet
gateways

other way would be you build your own certificate based authentication
library. (we used to have this @ yahoo where we used to restrict access to
server having certificate only)
On Tue, Jan 22, 2013 at 8:50 PM, Fabio Pitzolu <[EMAIL PROTECTED]>wrote:

> Hi all,****
>
> I’ve been asked to check whether is possible to use certificates to secure
> the connection between Hadoop and Oozie and the “external world” or not.**
> **
>
> Case is this:****
>
> We have to develop a webservice to run Oozie workflows and access HDFS, so
> that there will be just one “interface” between the cluster and a user web
> application.****
>
> Current security scenario does not allow to use Kerberos to authenticate
> the users, so we were thinking about using certificates, distributed
> through the Tomcat stack (as show on the following diagram).****
>
> The idea is that only a client (in this case the client would be the Java
> WebService – the blue box) with the right certificate could “talk” to the
> Hadoop / Oozie machines.****
>
> ** **
>
> ****
>
> ** **
>
> Is it possible to achieve this scenario?****
>
> If so, is there a whitepaper on the Internet that shows how to do this?***
> *
>
> If not possible, what do you think would be the best security solution not
> using Kerberos (example, firewall sec., IP security, …)? ****
>
> ** **
>
> Thank you very much, have a nice day!****
>
> ** **
>
> Fabio Pitzolu****
>
> ** **
>

--
Nitin Pawar
+
Fabio Pitzolu 2013-01-22, 17:37
+
Nitin Pawar 2013-01-22, 17:49
+
Fabio Pitzolu 2013-01-22, 17:53