Introduction
Background and related works
Introduction to Hadoop and security concerns
Introduction to OpenVPN
Introduction to the Access Control List (ACL)-based security model
Solution approach
Next generation secure sequence search business cloud platform – solution design
Next generation secure sequence search business cloud platform – deployment architecture
Securing the Hadoop cluster
Impersonation
For restrictive permissions on the HDFS file system
Property | Value to be set | Description |
---|---|---|
dfs.umaskmode | <depends on requirements> | umask applied to newly created HDFS files and directories. The default 022 leaves new data group- and world-readable; 077 restricts it to the owner. In Hadoop 2.x this property is deprecated in favour of fs.permissions.umask-mode, and dfs.permissions.enabled must remain true for any permission check to be enforced. |
For controlling direct access to data blocks
Property | Value to be set | Description |
---|---|---|
dfs.block.access.token.enable | true | If "true", access tokens are used as capabilities for accessing DataNodes. If "false", no access tokens are checked on accessing DataNodes, so any client that can reach a DataNode may read a block by its ID without passing the NameNode's permission check. |
dfs.block.access.key.update.interval | Depends upon your requirement, default is 600 | Interval in minutes at which the NameNode updates its access keys. |
dfs.block.access.token.lifetime | Depends upon your requirement, default is 600 | The lifetime of access tokens in minutes. |

Block access tokens bind a block to the identity the NameNode authenticated; with hadoop.security.authentication left at simple, the NameNode trusts whatever user name the client claims, so these settings are only effective alongside Kerberos authentication.
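The two tables above describe settings, but not how to verify that a running cluster actually carries them. The following audit script is an added example, not code from the paper or from Hadoop: it parses an hdfs-site.xml in Hadoop's `<configuration>` format, checks that the umask strips group/other access, that permission checking is on, and that block access tokens are enabled with a bounded lifetime. Both XML documents embedded in it are constructed for illustration.

```python
"""Audit an hdfs-site.xml for the two controls above: a restrictive umask and
block access tokens. Added example (not the paper's code); both XML documents
below are constructed for illustration."""
import xml.etree.ElementTree as ET

# Constructed: a cluster left at Hadoop defaults (umask 022, tokens off).
WEAK_HDFS_SITE = """<?xml version="1.0"?>
<configuration>
  <property><name>dfs.umaskmode</name><value>022</value></property>
  <property><name>dfs.block.access.token.enable</name><value>false</value></property>
</configuration>
"""

# Constructed: the hardened counterpart.
HARDENED_HDFS_SITE = """<?xml version="1.0"?>
<configuration>
  <property><name>dfs.umaskmode</name><value>077</value></property>
  <property><name>dfs.permissions.enabled</name><value>true</value></property>
  <property><name>dfs.block.access.token.enable</name><value>true</value></property>
  <property><name>dfs.block.access.key.update.interval</name><value>600</value></property>
  <property><name>dfs.block.access.token.lifetime</name><value>600</value></property>
</configuration>
"""


def parse_hdfs_site(xml_text):
    """Map property name -> value from Hadoop's <configuration> format."""
    props = {}
    for prop in ET.fromstring(xml_text).findall("property"):
        name = prop.findtext("name")
        if name:
            props[name.strip()] = (prop.findtext("value") or "").strip()
    return props


def audit_hdfs_site(xml_text, max_token_lifetime_min=600):
    """Return a list of findings; an empty list means both controls are in place."""
    props = parse_hdfs_site(xml_text)
    findings = []

    # Permission checking is a precondition for the umask to matter at all.
    if props.get("dfs.permissions.enabled", "true").lower() != "true":
        findings.append("dfs.permissions.enabled=false: HDFS skips permission checks entirely")

    # fs.permissions.umask-mode is the Hadoop 2.x key; dfs.umaskmode is the older name.
    # Only the octal form is handled here (Hadoop also accepts symbolic u=rwx,g=,o=).
    umask_str = props.get("fs.permissions.umask-mode") or props.get("dfs.umaskmode")
    if umask_str is None:
        findings.append("no umask configured: Hadoop's default 022 leaves new files group/world readable")
    else:
        try:
            umask = int(umask_str, 8)
        except ValueError:
            findings.append(f"umask {umask_str!r} is not octal")
        else:
            # Bits set in the umask are cleared from new files; 077 strips group/other.
            if umask & 0o077 != 0o077:
                findings.append(f"umask {umask_str} leaves group/other access on new files (want 077)")

    # Without tokens, any client that can reach a DataNode may read a block by
    # ID and bypass the NameNode's permission check.
    if props.get("dfs.block.access.token.enable", "false").lower() != "true":
        findings.append("dfs.block.access.token.enable is not true: DataNodes serve blocks without tokens")
    else:
        lifetime = int(props.get("dfs.block.access.token.lifetime", "600"))
        if lifetime > max_token_lifetime_min:
            findings.append(f"token lifetime {lifetime} min exceeds the {max_token_lifetime_min} min limit")

    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_HDFS_SITE), ("hardened", HARDENED_HDFS_SITE)):
        print(label, audit_hdfs_site(conf) or "OK")
```

Run it against the real file with `audit_hdfs_site(open("/etc/hadoop/conf/hdfs-site.xml").read())`; the weak sample yields two findings (umask and tokens), the hardened sample none.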
Implementation of a Virtual Private Cloud using OpenVPN
Topology | Pros | Cons |
---|---|---|
OSI Layer 2 (bridged, tap) | · Most appropriate for smaller networks. | · Because LAN broadcasts are propagated to all VPN clients, this topology doesn't scale well to LANs that have a larger amount of broadcast traffic. |
| · Easy to configure. | · Doesn't scale well with larger numbers of concurrent VPN clients. |
| · VPN clients receive their network properties from the same DHCP server as machines that are physically connected to the server-side LAN. | · Can only be used when the Access Server is connected to a LAN that provides DHCP services. |
| · Works well with application-layer protocols that depend on LAN broadcast resolution. | · Should only be used when the Access Server has a fixed IP address on a private LAN. |
| · Can tunnel non-IP protocols. | · Currently only works with Windows clients. |
OSI Layer 3 (routed, tun) | · More efficient and scalable. | · More complex to configure. |
| · Greater control over IP and routing configuration. | · Doesn't work well with application-layer protocols that depend on broadcast resolution. |
| · Better fine-grained access control. | |
| · Works on all client platforms that support OpenVPN. | |
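The table contrasts the two topologies in prose; the script below makes the distinction concrete. It is an added example, not the paper's or OpenVPN's code: it parses an OpenVPN server configuration, classifies it as Layer 2 (tap/server-bridge) or Layer 3 (tun), and checks a routed configuration for the controls that give Layer 3 its "fine-grained access control" (client-config-dir with ccd-exclusive, a control-channel HMAC key, client certificate role enforcement, no client-to-client). Both configurations are constructed, and the cluster subnet 10.0.10.0/24 pushed as a route is an assumed value.

```python
"""Classify an OpenVPN server configuration as Layer 2 (bridged, tap) or
Layer 3 (routed, tun) and check a routed configuration for per-client access
control. Added example, not the paper's code; both configurations are
constructed and the Hadoop cluster subnet 10.0.10.0/24 is assumed."""
import shlex

# Constructed: routed (Layer 3) server. Clients get addresses from the VPN
# pool, only the cluster subnet is pushed as a route, and every client must
# have an entry under ccd/ (ifconfig-push / iroute) or it is refused.
LAYER3_SERVER_CONF = """\
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
tls-crypt ta.key
remote-cert-tls client
tls-version-min 1.2
cipher AES-256-GCM
auth SHA256
client-config-dir ccd
ccd-exclusive
push "route 10.0.10.0 255.255.255.0"
keepalive 10 120
user nobody
group nogroup
persist-key
persist-tun
"""

# Constructed: bridged (Layer 2) server. Clients share the LAN's broadcast
# domain and take addresses from the bridge pool or the LAN DHCP server.
LAYER2_SERVER_CONF = """\
port 1194
proto udp
dev tap
server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.250
ca ca.crt
cert server.crt
key server.key
dh dh.pem
"""


def parse_openvpn_conf(text):
    """Return [(directive, [args]), ...]; comment lines (# or ;) are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line)  # keeps 'route 10.0.10.0 ...' as one pushed option
        entries.append((parts[0], parts[1:]))
    return entries


def topology_of(entries):
    """'layer2' for tap/bridged, 'layer3' for tun/routed, else 'unknown'."""
    names = {d for d, _ in entries}
    devs = [args[0] for d, args in entries if d == "dev" and args]
    if "server-bridge" in names or any(dev.startswith("tap") for dev in devs):
        return "layer2"
    if any(dev.startswith("tun") for dev in devs):
        return "layer3"
    return "unknown"


def audit_routed_conf(entries):
    """Findings for a routed server that should enforce per-client access control."""
    opts = {}
    for d, args in entries:
        opts.setdefault(d, []).append(args)
    findings = []
    if topology_of(entries) != "layer3":
        findings.append("not a routed (tun) configuration")
    if "client-config-dir" not in opts:
        findings.append("no client-config-dir: clients cannot be pinned to addresses/routes")
    if "ccd-exclusive" not in opts:
        findings.append("no ccd-exclusive: a client with no ccd entry is still admitted")
    if "tls-auth" not in opts and "tls-crypt" not in opts:
        findings.append("no tls-auth/tls-crypt: control channel lacks the HMAC key")
    if opts.get("remote-cert-tls", [[]])[0][:1] != ["client"]:
        findings.append("no 'remote-cert-tls client': a holder of another server's certificate could connect as a client")
    if "client-to-client" in opts:
        findings.append("client-to-client: VPN peers can reach each other directly")
    return findings


if __name__ == "__main__":
    for label, conf in (("layer3", LAYER3_SERVER_CONF), ("layer2", LAYER2_SERVER_CONF)):
        entries = parse_openvpn_conf(conf)
        print(label, topology_of(entries), audit_routed_conf(entries) or "OK")
```

The routed sample passes every check; the bridged sample is classified as Layer 2 and fails all five, which is the practical reading of the table: the bridged topology trades per-client control for DHCP and broadcast transparency.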