You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@spark.apache.org by kamatsuoka <ke...@gmail.com> on 2014/04/08 22:14:28 UTC
Spark with SSL?
Can Spark be configured to use SSL for all its network communication?
--
View this message in context: http://apache-spark-user-list.1001560.n3.nabble.com/Spark-with-SSL-tp3916.html
Sent from the Apache Spark User List mailing list archive at Nabble.com.
Re: Spark with SSL?
Posted by Benjamin Black <b...@b3k.us>.
Although connection setup is expensive, the overhead of AES on any recent
Intel processor is almost zero. AES-NI is good stuff.
On Tuesday, April 8, 2014, Evan R. Sparks <ev...@gmail.com> wrote:
> A bandaid might be to set up ssh tunneling between slaves and master - has
> anyone tried deploying this way? I would expect it to pretty negatively
> impact performance on communication-heavy jobs.
>
>
> On Tue, Apr 8, 2014 at 3:23 PM, Benjamin Black <b@b3k.us<javascript:_e(%7B%7D,'cvml','b@b3k.us');>
> > wrote:
>
>> Only if you trust the provider networks and everyone who might have
>> access to them. I don't.
>>
>>
>> On Tuesday, April 8, 2014, Ognen Duzlevski <ognen@plainvanillagames.com<javascript:_e(%7B%7D,'cvml','ognen@plainvanillagames.com');>>
>> wrote:
>>
>>> Ideally, you just run it in Amazon's VPC or whatever other providers'
>>> equivalent is. In this case running things over SSL would be an overkill.
>>>
>>> On 4/8/14, 3:31 PM, Andrew Ash wrote:
>>>
>>> Not that I know of, but it would be great if that was supported. The
>>> way I typically handle security now is to put the Spark servers in their
>>> own subnet with strict inbound/outbound firewalls.
>>>
>>>
>>> On Tue, Apr 8, 2014 at 1:14 PM, kamatsuoka <ke...@gmail.com> wrote:
>>>
>>>> Can Spark be configured to use SSL for all its network communication?
>>>>
>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://apache-spark-user-list.1001560.n3.nabble.com/Spark-with-SSL-tp3916.html
>>>> Sent from the Apache Spark User List mailing list archive at Nabble.com.
>>>>
>>>
>>>
>
Re: Spark with SSL?
Posted by "Evan R. Sparks" <ev...@gmail.com>.
A bandaid might be to set up ssh tunneling between slaves and master - has
anyone tried deploying this way? I would expect it to pretty negatively
impact performance on communication-heavy jobs.
On Tue, Apr 8, 2014 at 3:23 PM, Benjamin Black <b...@b3k.us> wrote:
> Only if you trust the provider networks and everyone who might have access
> to them. I don't.
>
>
> On Tuesday, April 8, 2014, Ognen Duzlevski <og...@plainvanillagames.com>
> wrote:
>
>> Ideally, you just run it in Amazon's VPC or whatever other providers'
>> equivalent is. In this case running things over SSL would be an overkill.
>>
>> On 4/8/14, 3:31 PM, Andrew Ash wrote:
>>
>> Not that I know of, but it would be great if that was supported. The way
>> I typically handle security now is to put the Spark servers in their own
>> subnet with strict inbound/outbound firewalls.
>>
>>
>> On Tue, Apr 8, 2014 at 1:14 PM, kamatsuoka <ke...@gmail.com> wrote:
>>
>>> Can Spark be configured to use SSL for all its network communication?
>>>
>>>
>>>
>>> --
>>> View this message in context:
>>> http://apache-spark-user-list.1001560.n3.nabble.com/Spark-with-SSL-tp3916.html
>>> Sent from the Apache Spark User List mailing list archive at Nabble.com.
>>>
>>
>>
Re: Spark with SSL?
Posted by Benjamin Black <b...@b3k.us>.
Only if you trust the provider networks and everyone who might have access
to them. I don't.
On Tuesday, April 8, 2014, Ognen Duzlevski <og...@plainvanillagames.com>
wrote:
> Ideally, you just run it in Amazon's VPC or whatever other providers'
> equivalent is. In this case running things over SSL would be an overkill.
>
> On 4/8/14, 3:31 PM, Andrew Ash wrote:
>
> Not that I know of, but it would be great if that was supported. The way
> I typically handle security now is to put the Spark servers in their own
> subnet with strict inbound/outbound firewalls.
>
>
> On Tue, Apr 8, 2014 at 1:14 PM, kamatsuoka <kenjim@gmail.com<javascript:_e(%7B%7D,'cvml','kenjim@gmail.com');>
> > wrote:
>
>> Can Spark be configured to use SSL for all its network communication?
>>
>>
>>
>> --
>> View this message in context:
>> http://apache-spark-user-list.1001560.n3.nabble.com/Spark-with-SSL-tp3916.html
>> Sent from the Apache Spark User List mailing list archive at Nabble.com.
>>
>
>
Re: Spark with SSL?
Posted by Ognen Duzlevski <og...@plainvanillagames.com>.
Ideally, you just run it in Amazon's VPC or whatever other providers'
equivalent is. In this case running things over SSL would be an overkill.
On 4/8/14, 3:31 PM, Andrew Ash wrote:
> Not that I know of, but it would be great if that was supported. The
> way I typically handle security now is to put the Spark servers in
> their own subnet with strict inbound/outbound firewalls.
>
>
> On Tue, Apr 8, 2014 at 1:14 PM, kamatsuoka <kenjim@gmail.com
> <ma...@gmail.com>> wrote:
>
> Can Spark be configured to use SSL for all its network communication?
>
>
>
> --
> View this message in context:
> http://apache-spark-user-list.1001560.n3.nabble.com/Spark-with-SSL-tp3916.html
> Sent from the Apache Spark User List mailing list archive at
> Nabble.com.
>
Re: Spark with SSL?
Posted by Andrew Ash <an...@andrewash.com>.
Not that I know of, but it would be great if that was supported. The way I
typically handle security now is to put the Spark servers in their own
subnet with strict inbound/outbound firewalls.
On Tue, Apr 8, 2014 at 1:14 PM, kamatsuoka <ke...@gmail.com> wrote:
> Can Spark be configured to use SSL for all its network communication?
>
>
>
> --
> View this message in context:
> http://apache-spark-user-list.1001560.n3.nabble.com/Spark-with-SSL-tp3916.html
> Sent from the Apache Spark User List mailing list archive at Nabble.com.
>