Database Reference
In-Depth Information
Purpose
Secure Gateway
Official Page
Hadoop Integration Fully Integrated
Securing a Hadoop cluster is often a complicated, time-consuming endeavor fraught with
trade-offs and compromise. The largest contributing factor to this challenge is that Hadoop is
made of a variety of different technologies, each of which has its own idea of security.
One common approach to securing a cluster is to simply wrap the environment with a fire-
wall (“fence the elephant”). This may have been acceptable in the early days when Hadoop
was largely a standalone tool for data scientists and information analysts, but the Hadoop of
today is part of a much larger big data ecosystem and interfaces with many tools in a variety
of ways. Unfortunately, each tool seems to have its own public interface, and if a security
model happens to be present, it's often different from that of any other tool. The end result of
all this is that users who want to maintain a secure environment find themselves fighting a
losing battle of poking holes in firewalls and attempting to manage a large variety of separate
user lists and tool configurations.
Knox is designed to help combat this complexity. It is a single gateway that lives between
systems external to your Hadoop cluster and those internal to your cluster. It also provides a
single security interface with authorization, authentication, and auditing (AAA) capabilies
that interface with many standard systems, such as Active Directory and LDAP.
Tutorial Links
The folks at Hortonworks have put together a
very concise guide
for getting a minimal Knox
gateway going. If you're interested in digging a little deeper, the official quick-start guide,
which can be found on the
Knox home page
,
provides a considerable amount of detail.
Example Code
Even a simple configuration of Knox is beyond the scope of this topic. Interested readers are
encouraged to check out the tutorials and quickstarts.
