Knox: firewall and service gateway for the big data platform


Perimeter security / firewall

Knox is used to put a two-tier firewall in front of the big data platform.
The first firewall forces all Internet communication to talk only to the Knox gateway. Communication that passes the security challenges at the gateway (source IP, ports, Kerberos/LDAP authentication, others) is routed on to the cluster.

The second firewall further isolates the cluster by forcing the cluster to only accept communication from the gateway, which is a known host on the internal network.


Figure: Knox gateway deployment architecture


Ranger authorization and control


Figure: Authentication using Knox

Trusted proxy

Knox Trusted Proxy is useful in cloud deployments when you need the seamless and uniform authentication benefits of both proxy and SSO. Trusted Proxy is automatically configured by Cloudera Manager in CDP deployments.

Knox Trusted Proxy propagates the authenticated end user to the backend service. The request is "trusted" in that the given backend/service is able to validate that the request came from a known place and that the caller was allowed to make it. A backend in this case is any service that Knox is acting as a proxy for (e.g., Cloudera Manager, Hive JDBC, Ranger UI, etc.). Each of these services has a mechanism to ensure that 1) the request IP address and 2) the request user match what it expects. If the request matches on both points, the service does not have to authenticate the end user again and can trust that Knox sent the request.

When making requests to the cluster, Knox first authenticates the end user, and then adds that user as a query parameter to the request (?doAs=USERNAME) to the backend. The backend then checks that the request is trusted (request IP and request user) and extracts the end user (USERNAME) from the query parameter. The backend service then does whatever is necessary as that backend user. Knox and the proxied services authenticate to each other via Kerberos.
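The backend side of that exchange, written out as an added example (this is illustrative code, not Knox's or any Cloudera service's own implementation): the backend has already established the caller's identity over Kerberos, sees the `?doAs=USERNAME` parameter, and must decide whether to act as that user. The policy table, subnet and user names below are constructed for the example; the shape of the check (which proxy principal may impersonate whom, from which hosts) is modelled on the Hadoop proxy-user idea rather than copied from any real configuration.

```python
"""Backend-side validation of a Knox trusted-proxy request (illustrative, not project code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed proxy-user policy (assumption for this example): which authenticated
# service principal may impersonate which end users, and from which hosts.
PROXY_POLICY = {
    "knox": {                        # Kerberos short name of the gateway principal
        "hosts": ["10.0.1.0/24"],    # internal subnet the gateway lives on
        "users": {"alice", "bob"},   # end users it may impersonate ("*" = anyone)
    },
}


@dataclass
class Request:
    source_ip: str
    auth_user: Optional[str]          # principal proven by Kerberos; None if unauthenticated
    query: dict = field(default_factory=dict)


class TrustedProxyError(Exception):
    """Raised when a request must not be treated as a trusted proxy request."""


def effective_user(req: Request, policy=PROXY_POLICY) -> str:
    """Return the user the backend should act as.

    No doAs parameter: act as the directly authenticated principal.
    doAs present: accept only if the caller is a configured proxy, comes from an
    allowed host, and is permitted to impersonate the named end user.
    """
    if req.auth_user is None:
        raise TrustedProxyError("unauthenticated request")
    target = req.query.get("doAs")
    if target is None:
        return req.auth_user                      # ordinary, non-proxied call
    rules = policy.get(req.auth_user)
    if rules is None:
        raise TrustedProxyError(f"{req.auth_user} is not a trusted proxy")
    src = ip_address(req.source_ip)
    if not any(src in ip_network(h) for h in rules["hosts"]):
        raise TrustedProxyError(f"proxy request from unexpected host {req.source_ip}")
    if "*" not in rules["users"] and target not in rules["users"]:
        raise TrustedProxyError(f"{req.auth_user} may not impersonate {target}")
    return target


def check(req: Request) -> Tuple[bool, str]:
    """Convenience wrapper: (True, effective user) or (False, reason for denial)."""
    try:
        return True, effective_user(req)
    except TrustedProxyError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample requests: one genuine gateway call, then three that fail
    # one of the two checks the text describes (request IP, request user).
    samples = [
        Request("10.0.1.5", "knox", {"doAs": "alice"}),       # allowed
        Request("203.0.113.9", "knox", {"doAs": "alice"}),    # wrong source host
        Request("10.0.1.5", "mallory", {"doAs": "alice"}),    # not a trusted proxy
        Request("10.0.1.5", "knox", {"doAs": "root"}),        # impersonation not permitted
    ]
    for r in samples:
        ok, detail = check(r)
        print(f"{r.source_ip:>13} {str(r.auth_user):>8} doAs={r.query.get('doAs')!s:<6} -> "
              f"{'ALLOW as ' + detail if ok else 'DENY: ' + detail}")
```

The point to notice is that `doAs` alone carries no authority: the backend honours it only after the Kerberos-authenticated caller and its source address both match the proxy policy, which is exactly the "request IP and request user" check the text describes.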


Figure: Common Security Architecture Using Apache Knox for Data Access

Apache Knox is a gateway application and the door to access data in a data lake hidden behind a firewall.


https://datahovel.com/tag/apache-knox/

Original: https://blog.csdn.net/codragon/article/details/125426673
Author: codragon
Title: 大数据平台的防火墙、服务网关Knox

Original articles are protected by copyright. When reprinting, please cite the source: https://www.johngo689.com/818188/
