Hi developers,

I am quite new to Hadoop. We are considering integrating a new feature, TCP 
(trusted compute pools), into Apache Hadoop in order to
enhance the security of the compute node or data node in a Hadoop cluster.
Trusted compute pools (TCP) include tboot, remote attestation and some hardware 
and firmware components from Intel TXT(R) which are
designed to provide a trusted computing environment. All the compute nodes in 
the trusted pool have been measured and protected
based on software and hardware, so we believe this idea will provide a more 
secure ecosystem to make sure the storage nodes and
compute nodes in Hadoop are trusted and secure.

There are already some success stories, such as TCP integrated with OpenStack
(http://docs.openstack.org/grizzly/openstack-compute/admin/content/trusted-compute-pools.html)
and TCP integrated with oVirt
(http://wiki.ovirt.org/Trusted_compute_pools).


Our current effort is trying to embed some code in the modules of the node manager 
and resource manager. The node manager calls the API
provided by TCP to determine the trustworthiness of the compute node and sends 
the information to the resource manager, so the scheduler
would dispatch the tasks only to the trusted nodes in the cluster. If there are 
no trusted nodes in the cluster, the task will be blocked
until there are some trusted containers available which belong to a trusted 
node. We assume the tasks running on the trusted node will
return trusted data. Is this idea feasible?

One critical technical issue is that we are not sure where to implement our logic in 
the modules of the node manager and resource manager. Is
it possible for any of you to work with us or give us some hints? Which 
Java classes match well with our logic, and where are those
classes? As you know, the question is elementary, as we are indeed not quite 
familiar with Apache Hadoop version.

Thanks in advance for any of your input!


Best Regards,
Dave Chen
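
The scheduling behaviour described in the message, as an added example that is not part of the original message and is not Hadoop code: a toy resource manager that places tasks only on nodes reporting a trusted verdict and blocks them otherwise. All class and method names are hypothetical, and the verdict expiry (`VERDICT_TTL`) is an assumption the message does not mention.

```python
from collections import deque
from dataclasses import dataclass

VERDICT_TTL = 60  # assumed policy: seconds a reported verdict stays valid


@dataclass
class Node:
    name: str
    free_containers: int = 0
    trusted: bool = False               # fail closed: unknown means untrusted
    verdict_time: float = float("-inf")


class TrustAwareScheduler:
    """Toy model (hypothetical names) of trust-gated task placement."""

    def __init__(self):
        self.nodes = {}
        self.pending = deque()          # tasks blocked for lack of a trusted container
        self.placements = []            # (task, node name) in placement order

    def heartbeat(self, name, free_containers, trusted, now):
        """Node manager reports capacity plus the attestation verdict it obtained."""
        node = self.nodes.setdefault(name, Node(name))
        node.free_containers = free_containers
        node.trusted = trusted
        node.verdict_time = now
        self.schedule(now)

    def submit(self, task, now):
        self.pending.append(task)
        self.schedule(now)

    def _eligible(self, node, now):
        # A stale verdict is treated the same as an untrusted one.
        fresh = now - node.verdict_time <= VERDICT_TTL
        return node.trusted and fresh and node.free_containers > 0

    def schedule(self, now):
        """Place queued tasks in order; whatever cannot be placed stays blocked."""
        while self.pending:
            node = next((n for n in self.nodes.values()
                         if self._eligible(n, now)), None)
            if node is None:
                return                  # no trusted container available: wait
            node.free_containers -= 1
            self.placements.append((self.pending.popleft(), node.name))
```
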

