[
https://issues.apache.org/jira/browse/HADOOP-13836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15702209#comment-15702209
]
kartheek muthyala edited comment on HADOOP-13836 at 11/28/16 3:32 PM:
----------------------------------------------------------------------
Hi all,
We are submitting an initial version of the patch for a preliminary review. We
have tested this patch on a bunch of long running jobs, and the performance is
decent. We will publish some performance numbers soon. Feel free to enhance the
patch.
This patch contains
1. Reorganization of IPC Server and Client classes to make them more
extensible. The changes are
a. A new ListenerFactory class that can dynamically instantiate appropriate
listener based on the configuration.
b. A new AbstractListener class that abstracts the common functionalities of
different listeners.
c. ConnectionFactory class to instantiate an appropriate connection class in
Server and Client classes
2. Implementation of SSL layer in Server.java class
3. Implementation of SSL Client in Client.java using javax.net.ssl library.
4. Unit testing of SSL implementation.
was (Author: kartheek):
Hi all,
We are submitting an initial version of the patch for a preliminary review. We
have tested this patch on a bunch of long running jobs, and the performance is
decent. We will publish some performance numbers soon. Feel free to enhance the
patch.
This patch contains
1. Reorganization of IPC Server and Client classes to make them more
extensible. The changes are
a. A new ListenerFactory class that can dynamically instantiate appropriate
listener based on the configuration.
b. A new AbstractListener class that abstracts the common functionalities of
different listeners.
c. ConnectionFactory class to instantiate an appropriate connection class in
Server and Client classes
2. Implementation of SSL layer in Server.java class
3. Implementation on SSL Client in Client.java using javax.net.ssl library.
4. Unit testing of SSL implementation.
> Securing Hadoop RPC using SSL
> -----------------------------
>
> Key: HADOOP-13836
> URL: https://issues.apache.org/jira/browse/HADOOP-13836
> Project: Hadoop Common
> Issue Type: New Feature
> Components: ipc
> Reporter: kartheek muthyala
> Attachments: HADOOP-13836.patch
>
>
> Today, RPC connections in Hadoop are encrypted using Simple Authentication &
> Security Layer (SASL), with the Kerberos ticket based authentication or
> Digest-md5 checksum based authentication protocols. This proposal is about
> enhancing this cipher suite with SSL/TLS based encryption and authentication.
> SSL/TLS is a proposed Internet Engineering Task Force (IETF) standard, that
> provides data security and integrity across two different end points in a
> network. This protocol has made its way to a number of applications such as
> web browsing, email, internet faxing, messaging, VOIP etc. And supporting
> this cipher suite at the core of Hadoop would give a good synergy with the
> applications on top and also bolster industry adoption of Hadoop.
> The Server and Client code in Hadoop IPC should support the following modes
> of communication
> 1. Plain
> 2. SASL encryption with an underlying authentication
> 3. SSL based encryption and authentication (x509 certificate)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
