Knox Hadoop Security Gateway
Knox Gateway is a Hadoop security component that provides a single point of authentication and access for Hadoop services in a cluster. Put simply, in real-world Hadoop deployments the services are often located in different clusters, i.e. Hive in one cluster, Pig in another, and so on. With Knox Gateway we can provide a single point of authentication for all of them.
The goal is to simplify Hadoop security for both users (developers, who access the cluster data and execute jobs) and operators (admins, who control access and manage the cluster). The gateway runs as a server (or cluster of servers) that provides centralized access to one or more Hadoop clusters.
The Goals of the Knox Gateway
- Provide perimeter (Perimeter is the distance around a two ) security for Hadoop REST APIs to make Hadoop security easier to set up and use
- Provide authentication and token verification at the perimeter
- Enable authentication integration with enterprise and cloud identity management systems
- Provide service level authorization at the perimeter
- Expose a single URL hierarchy that aggregates REST APIs of a Hadoop cluster
- Limit the network endpoints (and therefore firewall holes) required to access a Hadoop cluster
- Hide the internal Hadoop cluster topology from potential attackers
Versions of Knox Gateway
What Knox Does And Knox Advantages
Layers of Hadoop Security
How Knox Gateway Works
A fully secure Hadoop cluster needs Kerberos security, but Kerberos requires a client-side library and complex client-side configuration. By encapsulating Kerberos, Knox eliminates the need for client software or client configuration and thus simplifies the access model. In this way, Knox aggregates REST/HTTP calls to various components within the Hadoop ecosystem.
Knox is a stateless reverse proxy framework and can be deployed as a cluster of Knox instances that route requests to Hadoop’s REST APIs. Because Knox is stateless, it scales linearly by adding more Knox nodes as the load increases. A load balancer can route requests to multiple Knox instances.
Knox also intercepts REST/HTTP calls and provides authentication, authorization, audit, URL rewriting, web vulnerability removal and other security services through a series of extensible interceptor pipelines.
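The single URL hierarchy, topology hiding and URL rewriting described above can be illustrated with a simplified model. This is an added example, not Knox's own code: the gateway address, the topology name `sandbox`, the internal host names and the function names are constructed assumptions.

```python
from urllib.parse import unquote

# Constructed values: gateway address, topology name and internal hosts are
# illustrative assumptions, not taken from a real deployment.
GATEWAY = "https://knox.example.com:8443/gateway/sandbox"
SERVICES = {  # gateway path segment -> internal service base URL
    "webhdfs": "http://namenode.internal:50070/webhdfs",
    "templeton": "http://webhcat.internal:50111/templeton",
}

def rewrite_inbound(gateway_url):
    """Map a client-facing gateway URL to the internal service URL.

    Raises ValueError for anything outside the published URL hierarchy, so
    only the listed services are reachable through the single endpoint.
    """
    if not gateway_url.startswith(GATEWAY + "/"):
        raise ValueError("not under the gateway URL hierarchy")
    rest = gateway_url[len(GATEWAY) + 1:]
    service, _, tail = rest.partition("/")
    if service not in SERVICES:
        raise ValueError(f"service not exposed: {service!r}")
    # Decode before checking so %2e%2e cannot slip past the traversal test.
    if ".." in unquote(tail.split("?", 1)[0]).split("/"):
        raise ValueError("path traversal segment rejected")
    return SERVICES[service] + ("/" + tail if tail else "")

def rewrite_outbound(headers):
    """Rewrite an internal URL in a backend response's Location header back
    to a gateway URL so internal host names never reach the client."""
    out = dict(headers)
    location = out.get("Location")
    if location is None:
        return out
    for service, base in SERVICES.items():
        if location == base or location.startswith(base + "/"):
            out["Location"] = f"{GATEWAY}/{service}" + location[len(base):]
            return out
    # Unknown internal target: drop the header rather than leak the host.
    del out["Location"]
    return out
```

The client only ever sees URLs under the gateway prefix; a request for a service that is not listed fails at the perimeter instead of reaching the cluster.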