Mailing-List: contact user-help@flink.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@flink.apache.org
MIME-Version: 1.0
Sender: ewenstephan@gmail.com
In-Reply-To: <E7341301-3253-4E07-973A-44B19F785886@apache.org>
References: 
 <CAFy6k11cmznZiOcZRTXsCyWgHy0GjJdd0Cyx-XGjnYhw-nn_JA@mail.gmail.com>
	<CANC1h_tNhbYsqpnKOi27tAcp2+_uqYU5V4+JCYMAp48W6AF5Vg@mail.gmail.com>
	<CAFy6k13aJ1DTXWdVL=wL3JcLOk1ageMsNDOpW2TqdUgOq04dVA@mail.gmail.com>
	<CABGNe=YqQm1vpzXXG76u+AGOgyu-uedVQD340bZEfyDTk6h_qQ@mail.gmail.com>
	<E7341301-3253-4E07-973A-44B19F785886@apache.org>
Date: Tue, 12 Jan 2016 11:56:09 +0100
Message-ID: 
 <CANC1h_v0PqFvFTO478ft5CBgM-Bf-DO742Gouz528bW7VRjb_w@mail.gmail.com>
Subject: Re: Security in Flink
From: Stephan Ewen <sewen@apache.org>
To: user@flink.apache.org
Content-Type: multipart/alternative; boundary=94eb2c062a4cb36510052920e66f

--94eb2c062a4cb36510052920e66f
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi Welly!

In the end, all remote communication in Flink will go through Netty (Flink
direct shuffles do, and Akka uses Netty as well).

Netty authenticates connections and encrypts data via SSL, implementing
Java's SSLContext.

As far as I know, the available algorithms for encryption / signatures are
the usual ones in the TLS standard (can also be configured via JVM
arguments).

Greetings,
Stephan


On Tue, Jan 12, 2016 at 9:38 AM, Ufuk Celebi <uce@apache.org> wrote:

> Hey Welly!
>
> I=E2=80=99m not aware of any concrete plans, but is it possible that you =
share
> your requirements on a high level?
>
> =E2=80=93 Ufuk
>
> > On 12 Jan 2016, at 08:24, Welly Tambunan <if05041@gmail.com> wrote:
> >
> > Hi Stephen,
> >
> > Do you have any plan on which encryption method and mechanism will be
> used on Flink ? Could you share about the detail on this ?
> >
> > We have very strict requirement from client that every communication
> need to be encryption. So any detail would be really appreciated for
> answering their security concern.
> >
> >
> > Cheers
> >
> > On Mon, Jan 11, 2016 at 9:46 PM, Sourav Mazumder <
> sourav.mazumder00@gmail.com> wrote:
> > Thanks Steven for your details response. Things are more clear to me no=
w.
> >
> > A follow up Qs -
> > Looks like most of the security support depends on Hadoop ? What happen=
s
> if anyone wants to use Flink with Hadoop (in a cluster where Hadoop is no=
t
> there) ?
> >
> > Regards,
> > Sourav
> >
> > On Sun, Jan 10, 2016 at 12:41 PM, Stephan Ewen <sewen@apache.org> wrote=
:
> > Hi Sourav!
> >
> > There is user-authentication support in Flink via the Hadoop / Kerberos
> infrastructure. If you run Flink on YARN, it should seamlessly work that
> Flink acquires the Kerberos tokens of the user that submits programs, and
> authenticate itself at YARN, HDFS, and HBase with that.
> >
> > If you run Flink standalone, Flink can still authenticate at HDFS/HBase
> via Kerberos, with a bit of manual help by the user (running kinit on the
> workers).
> >
> > With Kafka 0.9 and Flink's upcoming connector (
> https://github.com/apache/flink/pull/1489), streaming programs can
> authenticate themselves as stream brokers via SSL (and read via encrypted
> connections).
> >
> >
> > What we have on the roadmap for the coming months it the following:
> >   - Encrypt in-flight data streams that are exchanged between worker
> nodes (TaskManagers).
> >   - Encrypt the coordination messages between client/master/workers.
> > Note that these refer to encryption between Flink's own components only=
,
> which would use transient keys generated just for a specific job or sessi=
on
> (hence would not need any user involvement).
> >
> >
> > Let us know if that answers your questions, and if that meets your
> requirements.
> >
> > Greetings,
> > Stephan
> >
> >
> > On Fri, Jan 8, 2016 at 3:23 PM, Sourav Mazumder <
> sourav.mazumder00@gmail.com> wrote:
> > Hi,
> >
> > Can anyone point me to ant documentation on support for Security in
> Flink ?
> >
> > The type of information I'm looking for are -
> >
> > 1. How do I do user level authentication to ensure that a job is
> submitted/deleted/modified by the right user ? Is it possible though the
> web client ?
> > 2. Authentication across multiple slave nodes (where the task managers
> are running) and driver program so that they can communicate with each ot=
her
> > 3. Support for SSL/encryption for data exchanged happening across the
> slave nodes
> > 4. Support for pluggable authentication with existing solution like LDA=
P
> >
> > If not there today is there a roadmap for these security features ?
> >
> > Regards,
> > Sourav
> >
> >
> >
> >
> >
> > --
> > Welly Tambunan
> > Triplelands
> >
> > http://weltam.wordpress.com
> > http://www.triplelands.com
>
>

--94eb2c062a4cb36510052920e66f
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi Welly!<div><br></div><div>In the end, all remote commun=
ication in Flink will go through Netty (Flink direct shuffles do, and Akka =
uses Netty as well).</div><div><br></div><div>Netty authenticates connectio=
ns and encrypts data via SSL, implementing Java&#39;s SSLContext.</div><div=
><br></div><div>As far as I know, the available algorithms for encryption /=
 signatures are the usual ones in the TLS standard (can also be configured =
via JVM arguments).</div><div><br></div><div>Greetings,</div><div>Stephan</=
div><div><br></div></div><div class=3D"gmail_extra"><br><div class=3D"gmail=
_quote">On Tue, Jan 12, 2016 at 9:38 AM, Ufuk Celebi <span dir=3D"ltr">&lt;=
<a href=3D"mailto:uce@apache.org" target=3D"_blank">uce@apache.org</a>&gt;<=
/span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8=
ex;border-left:1px #ccc solid;padding-left:1ex">Hey Welly!<br>
<br>
I=E2=80=99m not aware of any concrete plans, but is it possible that you sh=
are your requirements on a high level?<br>
<span class=3D"HOEnZb"><font color=3D"#888888"><br>
=E2=80=93 Ufuk<br>
</font></span><div class=3D"HOEnZb"><div class=3D"h5"><br>
&gt; On 12 Jan 2016, at 08:24, Welly Tambunan &lt;<a href=3D"mailto:if05041=
@gmail.com">if05041@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; Hi Stephen,<br>
&gt;<br>
&gt; Do you have any plan on which encryption method and mechanism will be =
used on Flink ? Could you share about the detail on this ?<br>
&gt;<br>
&gt; We have very strict requirement from client that every communication n=
eed to be encryption. So any detail would be really appreciated for answeri=
ng their security concern.<br>
&gt;<br>
&gt;<br>
&gt; Cheers<br>
&gt;<br>
&gt; On Mon, Jan 11, 2016 at 9:46 PM, Sourav Mazumder &lt;<a href=3D"mailto=
:sourav.mazumder00@gmail.com">sourav.mazumder00@gmail.com</a>&gt; wrote:<br=
>
&gt; Thanks Steven for your details response. Things are more clear to me n=
ow.<br>
&gt;<br>
&gt; A follow up Qs -<br>
&gt; Looks like most of the security support depends on Hadoop ? What happe=
ns if anyone wants to use Flink with Hadoop (in a cluster where Hadoop is n=
ot there) ?<br>
&gt;<br>
&gt; Regards,<br>
&gt; Sourav<br>
&gt;<br>
&gt; On Sun, Jan 10, 2016 at 12:41 PM, Stephan Ewen &lt;<a href=3D"mailto:s=
ewen@apache.org">sewen@apache.org</a>&gt; wrote:<br>
&gt; Hi Sourav!<br>
&gt;<br>
&gt; There is user-authentication support in Flink via the Hadoop / Kerbero=
s infrastructure. If you run Flink on YARN, it should seamlessly work that =
Flink acquires the Kerberos tokens of the user that submits programs, and a=
uthenticate itself at YARN, HDFS, and HBase with that.<br>
&gt;<br>
&gt; If you run Flink standalone, Flink can still authenticate at HDFS/HBas=
e via Kerberos, with a bit of manual help by the user (running kinit on the=
 workers).<br>
&gt;<br>
&gt; With Kafka 0.9 and Flink&#39;s upcoming connector (<a href=3D"https://=
github.com/apache/flink/pull/1489" rel=3D"noreferrer" target=3D"_blank">htt=
ps://github.com/apache/flink/pull/1489</a>), streaming programs can authent=
icate themselves as stream brokers via SSL (and read via encrypted connecti=
ons).<br>
&gt;<br>
&gt;<br>
&gt; What we have on the roadmap for the coming months it the following:<br=
>
&gt;=C2=A0 =C2=A0- Encrypt in-flight data streams that are exchanged betwee=
n worker nodes (TaskManagers).<br>
&gt;=C2=A0 =C2=A0- Encrypt the coordination messages between client/master/=
workers.<br>
&gt; Note that these refer to encryption between Flink&#39;s own components=
 only, which would use transient keys generated just for a specific job or =
session (hence would not need any user involvement).<br>
&gt;<br>
&gt;<br>
&gt; Let us know if that answers your questions, and if that meets your req=
uirements.<br>
&gt;<br>
&gt; Greetings,<br>
&gt; Stephan<br>
&gt;<br>
&gt;<br>
&gt; On Fri, Jan 8, 2016 at 3:23 PM, Sourav Mazumder &lt;<a href=3D"mailto:=
sourav.mazumder00@gmail.com">sourav.mazumder00@gmail.com</a>&gt; wrote:<br>
&gt; Hi,<br>
&gt;<br>
&gt; Can anyone point me to ant documentation on support for Security in Fl=
ink ?<br>
&gt;<br>
&gt; The type of information I&#39;m looking for are -<br>
&gt;<br>
&gt; 1. How do I do user level authentication to ensure that a job is submi=
tted/deleted/modified by the right user ? Is it possible though the web cli=
ent ?<br>
&gt; 2. Authentication across multiple slave nodes (where the task managers=
 are running) and driver program so that they can communicate with each oth=
er<br>
&gt; 3. Support for SSL/encryption for data exchanged happening across the =
slave nodes<br>
&gt; 4. Support for pluggable authentication with existing solution like LD=
AP<br>
&gt;<br>
&gt; If not there today is there a roadmap for these security features ?<br=
>
&gt;<br>
&gt; Regards,<br>
&gt; Sourav<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt;<br>
&gt; --<br>
&gt; Welly Tambunan<br>
&gt; Triplelands<br>
&gt;<br>
&gt; <a href=3D"http://weltam.wordpress.com" rel=3D"noreferrer" target=3D"_=
blank">http://weltam.wordpress.com</a><br>
&gt; <a href=3D"http://www.triplelands.com" rel=3D"noreferrer" target=3D"_b=
lank">http://www.triplelands.com</a><br>
<br>
</div></div></blockquote></div><br></div>

--94eb2c062a4cb36510052920e66f--