Securing the Big Data Life Cycle - Oracle · Securing the Big Data Life Cycle Neil Mendelson Vice...
Transcript of Securing the Big Data Life Cycle - Oracle · Securing the Big Data Life Cycle Neil Mendelson Vice...
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Securing the Big Data Life Cycle
Neil MendelsonVice PresidentBig Data & Advanced AnalyticsServer Technology@neilmendelsonOctober 27, 2015
Oracle Confidential – Internal/Restricted/Highly Restricted
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Data & Analytics
TechnologyDIY Big Data withDIY Security
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Data & Analytics
Oracle Big Data
Focus on whatmatters most
Don’t assemble information, take advantage of it
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted
Oracle Big Data Appliance*2X Faster
than Do-It-Yourself1
• Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit http://www.intel.com/performance. Tests document performance of components on a particular test, in specific systems. Differences in hardware, software, or configuration will affect actual performance. Consult other sources of information to evaluate performance as you consider your purchase. For more complete information about performance and benchmark results, visit http://www.intel.com/performance. 1 - Configurations were compared by using the Big Data Benchmark for BigBench.Oracle* Big Data Appliance configuration included 6 nodes comprised of: Intel® Xeon® CPU E5-2699 v3 (HT enabled) with 128 GB DDR4, 12 X 4TB HDD, Infinibandnetwork (1 connection) observed max throughput 24 Gb/sec, Oracle* Linux Enterprise 6, and CDH* 5.4.4 with modified configuration. DIY cluster configuration included 6 nodes comprised of: Intel® Xeon® CPU E5-2699 v3 (HT enabled) with 128 GB DDR4, 1 x 64GB SSD for OS, 12 X 4TB HDD, 10Gb network (1 connection), CentOS* 6.6, CDH* 5.3.3 with minimal changes. 21% Cost Savings and 30% Faster Time to Value figures based on ESG Report: Getting real about Big Data: Build versus Buy
Cost Savings21%
30% Faster Time to Value
2X Faster
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
• Mammoth automates the setup of a secure cluster
– Installs and configures Kerberos for strong authentication
– Integrates with MS Active Directory (new with BDA 4.2)
– Configures auditing with optional Oracle Audit Vault
– Configures Encryption
– Installs and configures Sentry to manage authorization
Big Data Appliance Secure Installation
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Query all your Data: Hadoop, NoSQL & Relational
Extending Data Management
NoSQL
{MapReduce} {APIs} SQLOracle Big Data SQL
SQL RESTPython GraphRnode.js Java
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Extend Oracle Data Management SecurityUsing Oracle Big Data SQL with Oracle DB Security
Redacteddata
subset
SQL
JSON dataunconverted
in Hadoop
JSON
Customer datain Oracle DB
DBMS_REDACT.ADD_POLICY(
object_schema => 'txadp_hive_01',
object_name => 'customer_address_ext',
column_name => 'ca_street_name',
policy_name => 'customer_address_redaction',
function_type => DBMS_REDACT.RANDOM,
expression => 'SYS_CONTEXT(''SYS_SESSION_ROLES'',
''REDACTION_TESTER'')=''TRUE'''
);
Use standard Oracle Security over Hadoop & NoSQL
• Grant & Revoke Privileges
• Redact Data
• Apply Virtual Private Database
• Provides Fine-grain Access Control
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Oracle Audit Vault and Database FirewallAPPS
Users
AUDIT VAULT
Firewall Events
Reports
!Alerts
Policies
Auditor
Security Manager
Database Firewall
Big Data SQL
AUDITDATA
Operating SystemsFile SystemsDirectories
Custom Audit Data
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Big Data Platform
FastData
DataFactory
DataLab
Data Management
Oracle Big Data Cloud Services
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 11