Protect Your Big Data with Intel® Xeon® Processors and Intel® Software Products for Apache* Hadoop*
BIGS003
Bing Wang, Product Manager, Intel
Tianyou Li, System Architect & Engineering Manager, Intel
Haidong Xia, Cloud Security Designer, Intel
2
Agenda
• Big Data Security Trend • Intel® Distribution for Apache Hadoop*
• Intel Distribution for Apache Hadoop Encryption • Intel Distribution for Apache Hadoop Role Based
Access Control • Summary/Call to Action
The PDF for this Session presentation is available from our Technical Session Catalog at the end of the day at: intel.com/go/idfsessionsBJ
URL is on top of Session Agenda Pages in Pocket Guide
3
Agenda
• Big Data Security Trend • Intel® Distribution for Apache Hadoop*
• Intel Distribution for Apache Hadoop Encryption • Intel Distribution for Apache Hadoop Role Based
Access Control • Summary/Call to Action
4
Billions connected users and devices sharing
>3000 exabytes of new integrated devices & Cloud traffic
Structured data
Unstructured data
Time
Volume
690% Storage growth
Big Data Insights … New Frontier for Innovation
Cell Phones 5.3 bn
Skype* 663m
Facebook*
629m
Hotmail* 364m Yahoo*
273m
Data processing costs
Traditional MPP - $50K
per terabyte
Arrival of massive data
Dramatic ROI
New analytics tools & processing Biz info
products & insights
Sensed data
Social data
Network data
Corporate data
Scientific data
690 percent growth in storage capacity based off Intel analysis and IDC data, between 2010 (26,066 petabytes) to 2015 (179,327) which is ~690%
5
Big Data Security Concerns
Access Control • Who can access the
data? −Need granular control
for data access
Data Protection • How to protect sensitive
data: −PII, customer info, IP,
credit card, … • Regulatory and compliance
requirments
BIG DATA • Encryption is method of choice for data protection
• Encryption was infeasible due to performance overhead
• No built-in access control in current Big Data framework
6
Agenda
• Big Data Security Trend • Intel® Distribution for Apache Hadoop*
• Intel Distribution for Apache Hadoop Encryption • IDH Role Based Access Control • Summary/Call to Action
7
Industry’s 1st hardware-assisted encryption
Automatic tuning of Hadoop* cluster configuration
Role-based access control & granular ACLs in HBase*
Multi-site scalability and adaptive replication in
HBase
Intel® Distribution for Apache Hadoop* Software
This session focus
Intel® Manager for Apache Hadoop* software Deployment, Configuration, Monitoring, Alerts, and Security
HDFS 2.0.3 Hadoop Distributed File System
YARN (MRv2) Distributed Processing Framework H
Bas
e 0.
94.1
Col
umna
r Sto
re
Zoo
Kee
per*
3.4
.5
Coo
rdin
atio
n
Flum
e* 1
.3.0
Lo
g Col
lect
or
Sqo
op*
1.4.
1 D
ata
Exch
ange
Pig* 0.9.2
Scripting
Hive* 0.9.0
SQL Query
Oozie* 3.3.0
Workflow
Mahout* 0.7
Machine Learning
R connectors
Statistics
Intel enhancements contributed back to open source
Open source components included without change Intel proprietary
8
&$!@... Data was encrypted, how can I crack it?
I have the key and passphrase, I can recover the data via Intel tool
Hadoop* Encryption: Protect Data from “Disk Leak”
9
Agenda
• Big Data Security Trend • Intel® Distribution for Apache Hadoop*
• Intel Distribution for Apache Hadoop Encryption • Intel Distribution for Apache Hadoop Role Based
Access Control • Summary/Call to Action
10
Data Protection with Intel® AES-NI Efficient Ways to Use Encryption for Data Protection
• 7 instructions that expose special math functions built in the processor accelerate AES
• Makes enabled encryption software faster and stronger
Internet Intranet
Intel® AES-NI:
Data in Motion Secure transactions used pervasively in ecommerce, banking, etc.
Data in Process Most enterprise and cloud applications offer encryption options to secure information and protect confidentiality
Data at Rest Full disk encryption software protects data while saving to disk
Intel® Advanced Encryption Standard New Instructions
11 11
MapReduce
RecordReader
Map
Combiner
Partitioner
Local Merge & Sort
Reduce
RecordWriter
HDFS
Client
Decrypt
Encrypt
Derivative Encrypt
Derivative Decrypt
Intel® Distribution for Apache Hadoop* Software: Encryption Framework
12
Crypto Codec Framework • Extends compression codec and establishes a
common abstraction of the API level that can be shared by all crypto codec implementations as well as users that use the API
CryptoCodec cryptoCodec = (CryptoCodec) ReflectionUtils.newInstance(codecClass, conf);
CryptoContext cryptoContext = new CryptoContext(); ... cryptoCodec.setCryptoContext(cryptoContext); CompressionInputStream input = cryptoCodec.createInputStream(inputStream); …
• Provides a foundation for other components in Hadoop* such as MapReduce or HBase* to support encryption features
13
Crypto Codec Framework: Class Hierarchy
<<Java Interface>>
Compressor
<<Java Interface>>
Compression Code
<<Java Interface>>
Decompressor
<<Java Interface>>
Encryptor
<<Java Interface>>
Decryptor <<Java Interface>>
Crypto Codec
<<Java Class>>
Crypto Context
<<Java Interface>>
Key Provider
<<Java Interface>>
Key ProfileResolver <<Java Class>>
Key
<<Java Class>>
KeyProfile
0..1 0..1
0..1
14
Crypto Codec File Format
Block Block Block Block …
Sync Mark
(16 byte)
Block header
Algorithm header
Original Size
(4 byte)
Encrypted Size (4 byte)
Encryption data …
Compressed Size (4 byte)
Compressed data
Compressed Size (4 byte)
Compressed data …
Stream header
length (4 byte)
Stream header
IV (16 byte)
Encryption Data
Version (4
byte)
Key profile header
Exten-sion
header
15
Crypto Codec: API Example The usage is aligned with compression codec but with context supporting. Configuration conf = new Configuration(); CryptoCodec cryptoCodec = (CryptoCodec) ReflectionUtils.newInstance(AESCodec.class, conf); CryptoContext cryptoContext = new CryptoContext(); cryptoContext.setKey(Key.derive(password)); cryptoCodec.setCryptoContext(cryptoContext); DataInputStream input = inputFile.getFileSystem(conf).open(inputFile); DataOutputStream outputStream = outputFile.getFileSystem(conf).create(outputFile); CompressionOutputStream output = cryptoCodec.createOutputStream(outputStream); // encrypt the stream writeStream(input, output); input.close(); output.close();
16
Crypto Codec: A Simple MapReduce Example
The usage is aligned with compression codec usage in MapReduce job but with context resolving.
Job job = Job.getInstance(conf, "example"); JobConf jobConf = (JobConf)job.getConfiguration(); FileMatches fileMatches = new FileMatches( KeyContext.refer("KEY00", Key.KeyType.SYMMETRIC_KEY, "AES", 128)); fileMatches.addMatch("^.*/input1\\.intelaes$", KeyContext.refer("KEY01", Key.KeyType.SYMMETRIC_KEY, "AES", 128)); String keyStoreFile = "file:///" + secureDir + "/my.keystore"; String keyStorePasswordFile = "file:///" + secureDir + "/my.keystore.passwords"; KeyProviderConfig keyProviderConfig = KeyProviderCryptoContextProvider.getKeyStoreKeyProviderConfig( keyStoreFile, "JCEKS", null, keyStorePasswordFile, true); KeyProviderCryptoContextProvider.setInputCryptoContextProvider( jobConf, fileMatches, true, keyProviderConfig);
17
Key Distribution and Protection for MapReduce
• Targets – A framework at MapReduce side for enabling crypto codec in
MapReduce job such as key context resolving, distribution and protection
– Enabling different key storage or management systems to plug-in for providing keys
– Satisfying the common requirements that stage and file of a single job may use different keys
• A complete key management system is not part of Intel® Distribution for Apache Hadoop* Software – An API to integrate with an external key manage system is
included
18
Test Environment
Processor Intel® Xeon® processor E5-2690 @2.90GHz (32 core, only 1 core is used)
Software Intel® Distribution for Apache Hadoop* version 2.3
Memory 32GB Operating System CentOS* 6.3 Encryption Software
OpenSSL* 1.0.1c (Intel® AES-NI enabled)
File System Apache Hadoop Distributed File System (HDFS*)—namemode, datanode, and the test program were all run on the same server
Storage 240 GB Intel® Solid-State Drive (SSD) 320 Series Test Input 1 GB text file Input Buffer Size 64K, 4K, 1K – data size for calling
encryption/decryption interface each time
19
4/10/2013 19
64k 4k 1kAES-NI 460 457 454No AES-NI 87 87 86
050
100150200250300350400450500
Sp
eed
(MB
/s)
AES Encryption Higher is better
Up to 5.3x
Encryption in Memory
Software and workloads used in performance tests may have been optimized for performance only on Intel® microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to http://www.intel.com/performance.
AES = Intel® Advanced Encryption Standard New Instructions
20
64k 4k 1kAES-NI 1266 1259 1253No AES-NI 64 63 63
0
200
400
600
800
1000
1200
1400
Sp
eed
(MB
/s)
AES-Decryption Higher is better
4/10/2013 20
Up to 19.8x
Decryption in Memory
Software and workloads used in performance tests may have been optimized for performance only on Intel® microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to http://www.intel.com/performance.
AES = Intel® Advanced Encryption Standard New Instructions
21
Combining Encryption with Compression (Memory-to-HDFS Transfer)
114 113 115 84 86 89
58 59 58
475 489
464 436
468 435
292 282 280
56 55 55 53 52 53 52 51 51 57 56 56 55 55 55 52 53 52
0
100
200
300
400
500
600
64k 4k 1k
Thro
ug
hp
ut
(MB
/s)
hdfs io write aes w/ AES-NI aes w/o AES-NIsnappy + hdfs io aes + snappy w/ AES-NI aes + snappy w/o AES-NIgzip + hdfs io aes + gzip w/ AES-NI aes + gzip w/o AES-NIzlib + hdfs io aes + zlib w/ AES-NI aes + zlib w/o AES-NI
Higher is better
Up to 1.5X faster with Intel® AES-NI Software and workloads used in performance tests may have been optimized for performance only on Intel® microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to http://www.intel.com/performance. aes = Intel® Advanced Encryption Standard New Instructions, HDFS = Hadoop* Distributed File System
22
Combining Decryption with Decompression (HDFS-to-Memory File Transfer)
565 566 557
410 409 417
57 56 56
1199
1287 1231
1072 1104 1048
322 324 325
466 476 471 456 461 455
299 300 299
661 677 661 611 635 624
365 369 367
0
200
400
600
800
1000
1200
1400
64k 4k 1k
Thro
ug
hp
ut
(MB
/s)
hdfs io read aes w/ AES-NI aes w/o AES-NIsnappy + hdfs io aes + snappy w/ AES-NI aes + snappy w/o AES-NIgzip + hdfs io aes + gzip w/ AES-NI aes + gzip w/o AES-NIzlib + hdfs io aes + zlib w/ AES-NI aes + zlib w/o AES-NI
Higher is better
Up to 3.3X faster with Intel® AES-NI
Software and workloads used in performance tests may have been optimized for performance only on Intel® microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to http://www.intel.com/performance. aes = Intel® Advanced Encryption Standard New Instructions, HDFS = Hadoop* Distributed File System
23
Where to Find the Source Code… • Patch and design document already submit to
HADOOP-9331
• A working fork of Hadoop* with encryption framework can be found in GitHub project
24
Agenda
• Big Data Security Trend • Intel® Distribution for Apache Hadoop*
• Intel Distribution for Apache Hadoop Encryption • Intel Distribution for Apache Hadoop Role Based
Access Control • Summary/Call to Action
25
Role Based Access Control (RBAC): Overview
Users
Groups
HDFS Permissions
HBase*
Permissions
Hive*
Permissions
MapReduce
Permissions
Role
Intel Manager
• User/Group & Roles will be translated into configuration files
• ACL configurations will be pushed into every required node
Active Directory
HDFS = Hadoop* Distributed File System
26
RBAC: Role Definition
• Role is a collection of permissions
• Permission can have resource parameters
• Role can be associate to users/groups
• One user/group can have multiple roles
• Currently we do not support role nesting
27
RBAC: Role Definition
28
RBAC: User Association
29
Beyond This…Project Rhino! • A common authorization framework for the Hadoop*
ecosystem
• Token based authentication and single sign on
• Extend Hbase* support for ACLs to the cell level
• Improve audit logging Please visit:
https://github.com/intel-hadoop/project-rhino/
30
Agenda
• Big Data Security Trend • Intel® Distribution for Apache Hadoop*
• Intel Distribution for Apache Hadoop Encryption • Intel Distribution for Apache Hadoop Role Based
Access Control • Summary/Call to Action
31
Summary/Call to Action
• Intel® Xeon® processor based servers provide a strong foundation for big data workloads
• Intel® Distribution for Apache Hadoop* with Intel Xeon processors provides breakthrough data security and access control for big data analytics
• Develop applications to leverage Intel Distribution for Apache Hadoop Security capabilities
• Deploy big data solutions with Intel Distribution for Apache Hadoop on Intel Xeon processor-based servers
32
Additional Resources • Intel® AES-NI Website • Intel® Distribution for Apache Hadoop* Website • Intel AES-NI animation • Secure Cloud with High Performing Intel® Data
Protection Technologies animation • “The Rijndael Cipher” - an AES tutorial animation • Shay Gueron, “Advanced Encryption Standard (AES)
Instruction Set rev 2”, Intel whitepaper, June 2009. • Shay Gueron, Michael Kounavis, “Carry-less
multiplication and its usage for computing the GCM Mode”, Intel whitepaper, August 2009
• Intel AES-NI use with IBM DB2 database white paper
Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI)
33
Legal Disclaimer INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. • A "Mission Critical Application" is any application in which failure of the Intel Product could result, directly or indirectly, in
personal injury or death. SHOULD YOU PURCHASE OR USE INTEL'S PRODUCTS FOR ANY SUCH MISSION CRITICAL APPLICATION, YOU SHALL INDEMNIFY AND HOLD INTEL AND ITS SUBSIDIARIES, SUBCONTRACTORS AND AFFILIATES, AND THE DIRECTORS, OFFICERS, AND EMPLOYEES OF EACH, HARMLESS AGAINST ALL CLAIMS COSTS, DAMAGES, AND EXPENSES AND REASONABLE ATTORNEYS' FEES ARISING OUT OF, DIRECTLY OR INDIRECTLY, ANY CLAIM OF PRODUCT LIABILITY, PERSONAL INJURY, OR DEATH ARISING IN ANY WAY OUT OF SUCH MISSION CRITICAL APPLICATION, WHETHER OR NOT INTEL OR ITS SUBCONTRACTOR WAS NEGLIGENT IN THE DESIGN, MANUFACTURE, OR WARNING OF THE INTEL PRODUCT OR ANY OF ITS PARTS.
• Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined". Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.
• The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
• Intel product plans in this presentation do not constitute Intel plan of record product roadmaps. Please contact your Intel representative to obtain Intel's current plan of record product roadmaps.
• Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families. Go to: http://www.intel.com/products/processor_number.
• Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order. • Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be
obtained by calling 1-800-548-4725, or go to: http://www.intel.com/design/literature.htm • Code names featured are used internally within Intel to identify products that are in development and not yet publicly
announced for release. Customers, licensees and other third parties are not authorized by Intel to use code names in advertising, promotion or marketing of any product or services and any such use of Intel's internal code names is at the sole risk of the user
• Intel, Xeon, Sponsors of Tomorrow and the Intel logo are trademarks of Intel Corporation in the United States and other countries.
• *Other names and brands may be claimed as the property of others. • Copyright ©2013 Intel Corporation.
34
Legal Disclaimer
• Intel® AES-NI requires a computer system with an AES-NI enabled processor, as well as non-Intel software to execute the instructions in the correct sequence. AES-NI is available on select Intel® processors. For availability, consult your reseller or system manufacturer. For more information, see Intel® Advanced Encryption Standard Instructions (AES-NI)
• Intel® Trusted Execution Technology (Intel® TXT): No computer system can provide absolute security under all conditions. Intel® TXT requires a computer with Intel® Virtualization Technology, an Intel TXT enabled processor, chipset, BIOS, Authenticated Code Modules and an Intel TXT compatible measured launched environment (MLE). Intel TXT also requires the system to contain a TPM v1.s. For more information, visit http://www.intel.com/technology/security.
• Intel® Virtualization Technology (Intel® VT) requires a computer system with an enabled Intel® processor, BIOS, and virtual machine monitor (VMM). Functionality, performance or other benefits will vary depending on hardware and software configurations. Software applications may not be compatible with all operating systems. Consult your PC manufacturer. For more information, visit http://www.intel.com/go/virtualization.
• Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark* and MobileMark*, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more information go to http://www.intel.com/performance.
• Any software source code reprinted in this document is furnished under a software license and may only be used or copied in accordance with the terms of that license.
• Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
35
Risk Factors The above statements and any others in this document that refer to plans and expectations for the first quarter, the year and the future are forward-looking statements that involve a number of risks and uncertainties. Words such as “anticipates,” “expects,” “intends,” “plans,” “believes,” “seeks,” “estimates,” “may,” “will,” “should” and their variations identify forward-looking statements. Statements that refer to or are based on projections, uncertain events or assumptions also identify forward-looking statements. Many factors could affect Intel’s actual results, and variances from Intel’s current expectations regarding such factors could cause actual results to differ materially from those expressed in these forward-looking statements. Intel presently considers the following to be the important factors that could cause actual results to differ materially from the company’s expectations. Demand could be different from Intel's expectations due to factors including changes in business and economic conditions; customer acceptance of Intel’s and competitors’ products; supply constraints and other disruptions affecting customers; changes in customer order patterns including order cancellations; and changes in the level of inventory at customers. Uncertainty in global economic and financial conditions poses a risk that consumers and businesses may defer purchases in response to negative financial events, which could negatively affect product demand and other related matters. Intel operates in intensely competitive industries that are characterized by a high percentage of costs that are fixed or difficult to reduce in the short term and product demand that is highly variable and difficult to forecast. Revenue and the gross margin percentage are affected by the timing of Intel product introductions and the demand for and market acceptance of Intel's products; actions taken by Intel's competitors, including product offerings and introductions, marketing programs and pricing pressures and Intel’s response to such actions; and Intel’s ability to respond quickly to technological developments and to incorporate new features into its products. The gross margin percentage could vary significantly from expectations based on capacity utilization; variations in inventory valuation, including variations related to the timing of qualifying products for sale; changes in revenue levels; segment product mix; the timing and execution of the manufacturing ramp and associated costs; start-up costs; excess or obsolete inventory; changes in unit costs; defects or disruptions in the supply of materials or resources; product manufacturing quality/yields; and impairments of long-lived assets, including manufacturing, assembly/test and intangible assets. Intel's results could be affected by adverse economic, social, political and physical/infrastructure conditions in countries where Intel, its customers or its suppliers operate, including military conflict and other security risks, natural disasters, infrastructure disruptions, health concerns and fluctuations in currency exchange rates. Expenses, particularly certain marketing and compensation expenses, as well as restructuring and asset impairment charges, vary depending on the level of demand for Intel's products and the level of revenue and profits. Intel’s results could be affected by the timing of closing of acquisitions and divestitures. Intel’s current chief executive officer plans to retire in May 2013 and the Board of Directors is working to choose a successor. The succession and transition process may have a direct and/or indirect effect on the business and operations of the company. In connection with the appointment of the new CEO, the company will seek to retain our executive management team (some of whom are being considered for the CEO position), and keep employees focused on achieving the company’s strategic goals and objectives. Intel's results could be affected by adverse effects associated with product defects and errata (deviations from published specifications), and by litigation or regulatory matters involving intellectual property, stockholder, consumer, antitrust, disclosure and other issues, such as the litigation and regulatory matters described in Intel's SEC reports. An unfavorable ruling could include monetary damages or an injunction prohibiting Intel from manufacturing or selling one or more products, precluding particular business practices, impacting Intel’s ability to design its products, or requiring other remedies such as compulsory licensing of intellectual property. A detailed discussion of these and other factors that could affect Intel’s results is included in Intel’s SEC filings, including the company’s most recent Form 10-Q, report on Form 10-K and earnings release. Rev. 1/17/13
36
Backup
37
Velocity Real-time rather than batch-style analysis Data streamed in, tortured, and discarded Making impact on the spot rather than
after-the-fact
Pillars & Challenges of Big Data
Volume Massive scale and growth of unstructured data 80%~90% of total data Growing 10x~50x faster than structured (relational) data 10x~100x of traditional data warehousing
Variety Heterogeneity and variable nature of Big Data Many different forms (text, document, image, video...) No schema or weak schema Inconsistent syntax and semantics
Value Predictive analytics for future trends and patterns Deep, complex analysis (machine learning, statistic modeling,
graph algorithms…) versus Traditional business intelligence (querying, reporting…)
38
HDFS File Encryption: Architecture Overview
Encryption Codec
Key Management
Native Crypto Lib
Input Data Stream Output Data Stream
Encrypt/Decrypt Buffer
HDFS = Hadoop* Distributed File System