Tuesday, October 29, 2013

Apache Knox Gateway 0.3.0: Another release of perimeter security for Hadoop

By Vinay Shukla
The Apache Knox community announced the release of the Apache Knox Gateway (Incubator) 0.3.0. We at Hortonworks are excited about this announcement.
The Apache Knox Gateway is a REST API gateway for Hadoop with a focus on enterprise security integration. It provides a simple and extensible model for securing access to Hadoop core and ecosystem REST APIs.
Apache Knox provides pluggable authentication to LDAP and trusted identity providers, as well as service-level authorization and more. The diagram below shows how Apache Knox fits in a Hadoop cluster deployment.
The functionality in this release makes Apache Knox Gateway an ideal perimeter security solution for your Hadoop REST API access.
As mentioned on the Apache Knox news page, the highlights for the 0.3.0 release are:
  • LDAP authentication for REST calls to Hadoop
  • Secure Hadoop cluster (i.e. Kerberos) integration
  • HBase integration (non-Kerberos)
  • Hive JDBC integration (non-Kerberos)
  • Simple ACL-based Service Level Authorization
Please visit the Apache Knox project website to learn more about the Apache Knox Gateway and to download it. See the quick start guide to start playing with Apache Knox in a sandbox.

Monday, October 7, 2013

Death by thousand Knobs

On rare occasions when I wander down the drinks aisle at the supermarket, I am confused by the overwhelming choice of drinks. It is as if the market is telling me, "I don't know what you want; here is the dictionary of all the drinks in the world."

Software and other complex systems also have this issue. How many times have you seen ultra-configurable software that is hard to use, let alone use in the optimal way? Having too many configuration options is what I call Death by Thousand (Configuration) Knobs.

Often Thousand Knobs arise when the software/system creator does not know enough about how a customer will use the system. Sometimes there are legitimate reasons why it is impossible to know a priori how a system will be used, but often it arises because of laziness: the creator has not spent sufficient time analyzing the right way of using the software/system and is using Knobs to transfer the problem to the user.

Now I see some systems being proposed where the user is being asked to make the hard choices.

Do you want security or fast response time? These false choices merely reflect the early stages of a problem analysis.

Case in point: http://venturebeat.com/2013/10/02/location-specific-privacy/, where an end user is asked if she wants her data processed in a more secure location.

Doh, I want my data shared with 419 scammers and PRISM, please, and I will have that with ketchup.