incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "knox" by kminder
Date Mon, 11 Feb 2013 21:24:26 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The "knox" page has been changed by kminder:
http://wiki.apache.org/incubator/knox?action=diff&rev1=2&rev2=3

  == Proposal ==
  The Knox Gateway (“Gateway” or “Knox”) is a system that provides a single point
of authentication and access for Apache Hadoop services in a cluster. The goal is to simplify
Hadoop security for both users (i.e. who access the cluster data and execute jobs) and operators
(i.e. who control access and manage the cluster). The Gateway runs as a server (or cluster
of servers) that serve one or more Hadoop clusters.
  
- Provide perimeter security to make Hadoop security setup easier
+  * Provide perimeter security to make Hadoop security setup easier
- Support authentication and token verification security scenarios
+  * Support authentication and token verification security scenarios
- Deliver users a single cluster end-point that aggregates capabilities for data and jobs
+  * Deliver users a single cluster end-point that aggregates capabilities for data and jobs
- Enable integration with enterprise and cloud identity management environments
+  * Enable integration with enterprise and cloud identity management environments
  
  == Background ==
  An Apache Hadoop cluster is presented to consumers as a loose collection of independent
services. This makes it difficult for users to interact with Hadoop since each service maintains
it’s own method of access and security. As well, for operators, configuration and administration
of a secure Hadoop cluster is a complex and many Hadoop clusters are insecure as a result.
+ 
+ The goal of the project is to provide coverage for all existing Hadoop ecosystem projects.
 In addition, the project will be extensible to allow for new and/or proprietary Hadoop components
without requiring changes to the gateway source code.  The gateway is expected to run in a
DMZ environment where it will provide controlled access to these Hadoop services.  In this
way Hadoop clusters can be protected by a firewall and only limited access provided through
the firewall for the gateway.  The authentication components of the gateway will be modular
and extensible such that it can be integrated with existing security infrastructure.
  
  == Rationale ==
  

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message