0% found this document useful (0 votes)

164 views6 pages

Big Data Authentication Architecture PDF

This document proposes setting up an authentication architecture for three Hadoop clusters using Red Hat Identity Management (IdM/IPA). It involves setting up an IPA server pair for DNS, Kerberos, and LDAP services. A one-way trust from Active Directory to IPA will allow credentials to sync. IPA will centralize sudo rules, application IDs, and user management. The domains will have the same name but different realms (e.g. dev.dmt.rogers.com and DEV.DMT.ROGERS.COM). LDAPS with AES256/128 encryption will be used. SSSD will cache credentials across the clusters.

Uploaded by

Anonymous iz83EL9

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

164 views6 pages

Big Data Authentication Architecture PDF

Uploaded by

Anonymous iz83EL9

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 6

Big Data Authentication Architecture

Big Data Authentication Proposal

Presented to Active Directory team

Ron Burnette, Big Data Consultant, Oalva, Inc.

Rajeev Ratnalingam, Hadoop Administrator
Fraser Campbell, Hadoop Administrator

Monday, August 29, 2016 11:00am EDT

Brampton SE2.B08.14
Big Data Authentication Architecture

Goals:
• Set up Red Hat Identity Management (IdM/IPA) server pair (fault-tolerant) to provide DNS, Kerberos KDC and
LDAP services for the three Hadoop clusters managed by the DMT group.
 Development, Production, SAS Production

• Obtain approval from AD team to set up a one-way trust from AD to our IPA server

• Build new Development Hadoop environment – will have its own KDC and we’ll use a trust to connect it to IPA

• Upgrade existing Production cluster to latest version from Hadoop vendor; Authenticate through IPA

• Install and configure Ranger for fine-grained access control of HDP resources (HDFS, YARN, Hive, Hbase)

• Migrate SAS cluster authentication to new IPA-based setup

• Clean up naming standards in domains and realms

Big Data Authentication Architecture

Key factors:
• Domain name and realm name will be the same except realm is in caps

• IPA domain will be dmt.rogers.com

• Hadoop environments will be on subdomains under dmt.rogers.com

 dev.dmt.rogers.com, prod.dmt.rogers.com

• IPA server names must resolve forward and backward for IPA to install properly

• SSSD will be used to cache user credentials, integrate with sudo rules and Host-based access control
Big Data Authentication Architecture

Authentication protocols and encryption type:

• LDAPS will be used with SSL/TLS (CA certificate from AD)

• Encryption type will be aes256 and aes128

Big Data Authentication Architecture

Active
Directory

One-way trust from AD to IPA for

user credentials

IPA centralizes:
RedHat Sudo rules
DNS=dmt.rogers.com
Realm=DMT.ROGERS.COM IdM/IPA App IDs
SSSD KDC User Management
Host-based Access Control (via SSSD)

Dev HDP Prod HDP Prod SAS HDP

SSSD caches users Cluster Cluster Cluster
and credentials SSSD KDC SSSD KDC SSSD KDC

DNS=dev.dmt.rogers.com DNS=prod.dmt.rogers.com DNS=sas.dmt.rogers.com

Realm=DEV.DMT.ROGERS.COM Realm=PROD.DMT.ROGERS.COM Realm=SAS.DMT.ROGERS.COM
Big Data Authentication Architecture

Any questions?

Professor Messer Comptia 220 901 902 A Plus Course Notes v0115
80% (5)
Professor Messer Comptia 220 901 902 A Plus Course Notes v0115
57 pages
SOC 2 Compliance with strongDM
No ratings yet
SOC 2 Compliance with strongDM
5 pages
Over View of Security Issues in Big Data Analytics
No ratings yet
Over View of Security Issues in Big Data Analytics
70 pages
I AM Overview
No ratings yet
I AM Overview
4 pages
WALLIX Fundamentals of IDaaS
No ratings yet
WALLIX Fundamentals of IDaaS
65 pages
Lecture6 IAM Architecture
No ratings yet
Lecture6 IAM Architecture
10 pages
Best Practices For Implementing Cloud Data Governance and Catalog
100% (1)
Best Practices For Implementing Cloud Data Governance and Catalog
45 pages
Identity and Access Management (IAM)
No ratings yet
Identity and Access Management (IAM)
118 pages
Federated Access & SSO Solutions
No ratings yet
Federated Access & SSO Solutions
14 pages
Cloud Database Security Guide
No ratings yet
Cloud Database Security Guide
88 pages
3.understanding Services & Applications by Type
No ratings yet
3.understanding Services & Applications by Type
14 pages
Amazon EMR Security: © 2018, Amazon Web Services, Inc. or Its Affiliates. All Rights Reserved
No ratings yet
Amazon EMR Security: © 2018, Amazon Web Services, Inc. or Its Affiliates. All Rights Reserved
16 pages
CompTIA A+ Core 2 Study Notes
No ratings yet
CompTIA A+ Core 2 Study Notes
7 pages
Dissertation 06012419
100% (1)
Dissertation 06012419
231 pages
NetApp ONTAP Active Directory Authentication
No ratings yet
NetApp ONTAP Active Directory Authentication
7 pages
Unit-3 Hadoop Environment
No ratings yet
Unit-3 Hadoop Environment
31 pages
Freeipa Unik Pred Krizou Identity Slides PDF
No ratings yet
Freeipa Unik Pred Krizou Identity Slides PDF
37 pages
Realtime Xendesktop Steps - Project Based
No ratings yet
Realtime Xendesktop Steps - Project Based
40 pages
Cloud Computing Chapter-12
No ratings yet
Cloud Computing Chapter-12
20 pages
IDC Security Infographic
No ratings yet
IDC Security Infographic
1 page
Sy0-701 - Lesson 04
No ratings yet
Sy0-701 - Lesson 04
34 pages
Hadoop Security for IT Professionals
No ratings yet
Hadoop Security for IT Professionals
27 pages
Windows Server 2008 Workshop Aks
No ratings yet
Windows Server 2008 Workshop Aks
81 pages
Big Ip Access Policy Manager Ds PDF
No ratings yet
Big Ip Access Policy Manager Ds PDF
17 pages
Lecture 11 12
No ratings yet
Lecture 11 12
25 pages
Big Data Analytics Overview
No ratings yet
Big Data Analytics Overview
30 pages
SA CS - Presentation v1810
No ratings yet
SA CS - Presentation v1810
22 pages
Secure Workforce Identity Solutions
No ratings yet
Secure Workforce Identity Solutions
2 pages
CISSP Domain5 IAM
No ratings yet
CISSP Domain5 IAM
4 pages
Applsci 13 01183
No ratings yet
Applsci 13 01183
28 pages
Big Data Specialisation
No ratings yet
Big Data Specialisation
8 pages
Article 1
No ratings yet
Article 1
23 pages
Unified Credential Management Solution
No ratings yet
Unified Credential Management Solution
3 pages
(Guide) Build A Directory Service Server With Active Directory
No ratings yet
(Guide) Build A Directory Service Server With Active Directory
42 pages
Data Management for IT Teams
No ratings yet
Data Management for IT Teams
16 pages
Active Directory Basics Guide
No ratings yet
Active Directory Basics Guide
382 pages
DBMS 10
No ratings yet
DBMS 10
6 pages
Deep Identity Solution Overview - CC 14apr2016
No ratings yet
Deep Identity Solution Overview - CC 14apr2016
66 pages
6 Understanding Enterprise Architecture m6 Slides
No ratings yet
6 Understanding Enterprise Architecture m6 Slides
67 pages
Big Data Analytics For Security
No ratings yet
Big Data Analytics For Security
3 pages
A Dynamic Access Control Model Using Authorising Workow and Task Role-Based Access Control
No ratings yet
A Dynamic Access Control Model Using Authorising Workow and Task Role-Based Access Control
140 pages
In 1054 SecurityGuide en
No ratings yet
In 1054 SecurityGuide en
245 pages
Big Data in Cybersecurity
No ratings yet
Big Data in Cybersecurity
15 pages
Iso 27001 Compliance Guide
No ratings yet
Iso 27001 Compliance Guide
7 pages
Azure Active Directory
No ratings yet
Azure Active Directory
60 pages
W2K8 AD Configuration
No ratings yet
W2K8 AD Configuration
25 pages
Chapter 11 LDAP and Kerberos
No ratings yet
Chapter 11 LDAP and Kerberos
40 pages
Cloud Security: Timothy Brown
No ratings yet
Cloud Security: Timothy Brown
40 pages
Unit - V Cloud Security - Part3
No ratings yet
Unit - V Cloud Security - Part3
28 pages
RSA Tutor
No ratings yet
RSA Tutor
98 pages
DrIfathNaziaGhori 132
No ratings yet
DrIfathNaziaGhori 132
7 pages
Ldap Read
No ratings yet
Ldap Read
117 pages
Machine Identities in Cyber 1695282819
No ratings yet
Machine Identities in Cyber 1695282819
11 pages
Chapter 04 Part5
No ratings yet
Chapter 04 Part5
20 pages
CISSP Bootcamp for Security Pros
100% (1)
CISSP Bootcamp for Security Pros
93 pages
IJAIR119526
No ratings yet
IJAIR119526
8 pages
Infoblox Whitepaper Why Infoblox For Ddi
No ratings yet
Infoblox Whitepaper Why Infoblox For Ddi
7 pages
Advanced Security Assessments
No ratings yet
Advanced Security Assessments
109 pages
Azure 303 Practice Test 01
No ratings yet
Azure 303 Practice Test 01
74 pages
Telecommunications Planning and Management For Business PDF
No ratings yet
Telecommunications Planning and Management For Business PDF
1,129 pages
WEB SERVICE Vs WEB API
No ratings yet
WEB SERVICE Vs WEB API
3 pages
Metrics For Broadband Networks
No ratings yet
Metrics For Broadband Networks
29 pages
Paas Characteristics
No ratings yet
Paas Characteristics
4 pages
Parts - Units
No ratings yet
Parts - Units
7 pages
Unix Command Basics for Beginners
No ratings yet
Unix Command Basics for Beginners
12 pages
WEB SERVICE Vs WEB API
No ratings yet
WEB SERVICE Vs WEB API
3 pages
Eassy Realted Points
No ratings yet
Eassy Realted Points
8 pages
UNIX - Shell Scripting - SL
No ratings yet
UNIX - Shell Scripting - SL
40 pages
Visa Processing For Tryg Sweden - VTS Initiation - Step 1
No ratings yet
Visa Processing For Tryg Sweden - VTS Initiation - Step 1
1 page
The UNIX Operating System: TCS Confidential
No ratings yet
The UNIX Operating System: TCS Confidential
220 pages
Remote Method Registry Service Stub Skeleton: Terminology Related To RMI
No ratings yet
Remote Method Registry Service Stub Skeleton: Terminology Related To RMI
9 pages
Red Hat Enterprise Linux - Installation
No ratings yet
Red Hat Enterprise Linux - Installation
63 pages
Informatica Getting Started Guide
No ratings yet
Informatica Getting Started Guide
113 pages
Mechanical Engineering Review 2 Fundamentals Thermodynamics
No ratings yet
Mechanical Engineering Review 2 Fundamentals Thermodynamics
5 pages
KV 27TS27
No ratings yet
KV 27TS27
10 pages
Construction Blueprint Details
100% (1)
Construction Blueprint Details
2 pages
Ntic
100% (2)
Ntic
510 pages
Limitation of Science
No ratings yet
Limitation of Science
3 pages
Guidelines For Life Safety Plan (LSP) Submissions
No ratings yet
Guidelines For Life Safety Plan (LSP) Submissions
6 pages
Art & Design Student Assessment
No ratings yet
Art & Design Student Assessment
2 pages
Linear Inequalities
100% (1)
Linear Inequalities
7 pages
Product Guide: Hyundai Construction Equipment
100% (1)
Product Guide: Hyundai Construction Equipment
26 pages
WO Albeng Alprod Depo 30
No ratings yet
WO Albeng Alprod Depo 30
3 pages
4pm1 02r Rms 20230302
No ratings yet
4pm1 02r Rms 20230302
29 pages
List of Practicals OS Jan-Apr2022
No ratings yet
List of Practicals OS Jan-Apr2022
2 pages
Mock Job Interview Sample Questions Score Sheet
No ratings yet
Mock Job Interview Sample Questions Score Sheet
2 pages
Parallel Merge in Syntax Theory
No ratings yet
Parallel Merge in Syntax Theory
23 pages
Mahesh CV
No ratings yet
Mahesh CV
6 pages
Unit 2 Lesson 1: Opening The Lesson 5 MN
No ratings yet
Unit 2 Lesson 1: Opening The Lesson 5 MN
8 pages
Ww85k5410uw - DC68 03677F 03 PDF
No ratings yet
Ww85k5410uw - DC68 03677F 03 PDF
56 pages
Syllabus Database Management For Business Fall 2024-2025-1
No ratings yet
Syllabus Database Management For Business Fall 2024-2025-1
9 pages
IC Engines
No ratings yet
IC Engines
37 pages
Classical and Marginal Economics Overview
100% (1)
Classical and Marginal Economics Overview
5 pages
Diversity Models and Dimensions Guide
No ratings yet
Diversity Models and Dimensions Guide
4 pages
Analysis of Soil Sample
100% (1)
Analysis of Soil Sample
20 pages
Namma Kalvi 12th Commerce Book Inside One Mark Study Material EM 220550
No ratings yet
Namma Kalvi 12th Commerce Book Inside One Mark Study Material EM 220550
145 pages
Price of AIO Solar Street Light
No ratings yet
Price of AIO Solar Street Light
3 pages
5.1 Chemical Formulae, Equations, Calculations (1C) QP Part 2
No ratings yet
5.1 Chemical Formulae, Equations, Calculations (1C) QP Part 2
12 pages
KFR 2
No ratings yet
KFR 2
126 pages
Preschool Daily Schedule
No ratings yet
Preschool Daily Schedule
1 page
Cost Out Engineer: VAVE Mechanical Role
No ratings yet
Cost Out Engineer: VAVE Mechanical Role
2 pages
Fzo Ain Rep
No ratings yet
Fzo Ain Rep
42 pages

Big Data Authentication Architecture PDF

Uploaded by

Big Data Authentication Architecture PDF

Uploaded by

Big Data Authentication Architecture

Big Data Authentication Proposal

Ron Burnette, Big Data Consultant, Oalva, Inc.

Monday, August 29, 2016 11:00am EDT

• Migrate SAS cluster authentication to new IPA-based setup

• Clean up naming standards in domains and realms

• IPA domain will be dmt.rogers.com

• Hadoop environments will be on subdomains under dmt.rogers.com

Authentication protocols and encryption type:

• Encryption type will be aes256 and aes128

One-way trust from AD to IPA for

Dev HDP Prod HDP Prod SAS HDP

DNS=dev.dmt.rogers.com DNS=prod.dmt.rogers.com DNS=sas.dmt.rogers.com

You might also like