You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-issues@hadoop.apache.org by "Benoy Antony (JIRA)" <ji...@apache.org> on 2013/07/09 01:27:47 UTC
[jira] [Updated] (HADOOP-9709) Add ability in Hadoop servers
(Namenode, Datanode, ResourceManager ) to support multiple QOP
(Authentication , Privacy)
[ https://issues.apache.org/jira/browse/HADOOP-9709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benoy Antony updated HADOOP-9709:
---------------------------------
Description:
Hadoop Servers currently support only one QOP for the whole cluster.
We want Hadoop servers to support different quality of protection at the same time. This will enable different clients to use different QOP.
A simple usecase:
Let each Hadoop server support two QOP .
1. Authentication
2. Privacy (Privacy includes Authentication) .
The Hadoop servers and internal clients does Authentication without incurring cost of encryption. External clients use Privacy.
The hadoop servers and internal clients are inside the firewall. External clients are outside the firewall.
As an enhancement , it is possible to add a pluggable check (eg. IP whitelist) to identify internal and external clients.
The implementation is simple.
Each Hadoop server listens on multiple ports by configuration with different QOP.
For the above usecase mentioned above, the servers - NameNode, DataNode, ResourceManager listen on two ports (much like 80(http) and 443(https)) for RPC and Streaming. ApplicationMaster uses a range of ports for privacy and non-privacy and picks up a port and QOP based on client's config for client communication.
The clients specify the port which they are supposed to connect to. Clients specify the rpc protection as well encryption policy for streaming layer.
This is an umbrella jira .
I have divided this feature into multiple small tasks. I'll add testcases once the approach is reviewed.
was:
Hadoop Servers currently support only one QOP for the whole cluster.
We want Hadoop servers to support different quality of protection at the same time. This will enable different clients to use a different QOP.
A simple usecase will be to define two QOP .
1. Authentication
2. Privacy (Privacy includes Authentication) .
The Hadoop servers and internal clients does Authentication without incurring cost of encryption. External clients use Privacy.
The hadoop servers and internal clients are inside the firewall. External clients are outside the firewall.
As an enhancement , it is possible to add a pluggable check (eg. IP whitelist) to identify internal and external clients.
The implementation is simple.
Each Hadoop server listens on two ports by configuration with different QOP.
The servers - NameNode, DataNode, ResourceManager listen on two ports (much like 80(http) and 443(https)) for RPC and Streaming. ApplicationMaster uses a range of ports for privacy and non-privacy and picks up a port and QOP based on client's config.
The clients specify the port which they are suppose to connect to. Clients specify the rpc protection as well encryption policy for streaming layer.
This is an umbrella jira .
I have divided this feature into multiple small tasks. I'll add testcases once the approach is reviewed.
> Add ability in Hadoop servers (Namenode, Datanode, ResourceManager ) to support multiple QOP (Authentication , Privacy)
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-9709
> URL: https://issues.apache.org/jira/browse/HADOOP-9709
> Project: Hadoop Common
> Issue Type: New Feature
> Reporter: Benoy Antony
> Assignee: Benoy Antony
>
> Hadoop Servers currently support only one QOP for the whole cluster.
> We want Hadoop servers to support different quality of protection at the same time. This will enable different clients to use different QOP.
> A simple usecase:
> Let each Hadoop server support two QOP .
> 1. Authentication
> 2. Privacy (Privacy includes Authentication) .
> The Hadoop servers and internal clients does Authentication without incurring cost of encryption. External clients use Privacy.
> The hadoop servers and internal clients are inside the firewall. External clients are outside the firewall.
> As an enhancement , it is possible to add a pluggable check (eg. IP whitelist) to identify internal and external clients.
> The implementation is simple.
> Each Hadoop server listens on multiple ports by configuration with different QOP.
> For the above usecase mentioned above, the servers - NameNode, DataNode, ResourceManager listen on two ports (much like 80(http) and 443(https)) for RPC and Streaming. ApplicationMaster uses a range of ports for privacy and non-privacy and picks up a port and QOP based on client's config for client communication.
> The clients specify the port which they are supposed to connect to. Clients specify the rpc protection as well encryption policy for streaming layer.
> This is an umbrella jira .
> I have divided this feature into multiple small tasks. I'll add testcases once the approach is reviewed.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira