[jira] [Commented] (HADOOP-12725) RPC encryption benchmark and optimization prototypes

Thu, 03 Mar 2016 20:25:58 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-12725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15179291#comment-15179291
 ] 

Kai Zheng commented on HADOOP-12725:
------------------------------------

Thanks [~jerrychenhf] for the thorough thoughts on this.

bq. The current discussions by now focus on the GSSAPI used in SASL Kerberos 
mechanism. And trying to optimize the GSSAPI internally.
Yes you're right. This is the first taking as the primary case in my thinking. 
Looks like you have already made thorough investigation on this than me, I'd be 
very happy if you will help with other cases.

bq. For Hadoop client, Kerberos method is usually used as the first step of 
authentication to gain the access to the system. While different use cases 
follows a different pattern in the following steps.
Again you're right, we currently focus on the initial authentication when 
Kerberos is enabled, which is important to protect security credential 
exchanges used in following steps.

bq. The #2 option has the advantage that Hadoop RPC implementation has control 
on all the optimizations and will not depend on under-layer mechanism 
optimization.
I guess the best option may be the 3rd one, using option #1 for the initial 
Kerberos authenticated session and #2 for the following steps.

Any way, I thought it wouldn't be bad to prototype first if we have the idea, 
then consolidate and refine the whole solution together. Your complete thoughts 
and inputs make much sense toward the final result. Thanks!



> RPC encryption benchmark and optimization prototypes
> ----------------------------------------------------
>
>                 Key: HADOOP-12725
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12725
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Kai Zheng
>            Assignee: Wei Zhou
>
> This would implement a benchmark tool to measure and compare the performance 
> of Hadoop IPC/RPC call when security is enabled and different SASL 
> QOP(Quality of Protection) is enforced. Given the data collected by this 
> benchmark, it would then be able to know if any performance concern when 
> considering to enforce privacy, integration, or authenticy protection level, 
> and do optimization accordingly.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to