Analysis: Huawei big data security practice

FusionInsight is a unified enterprise-class platform for big data storage, query and analysis. It builds on and enhances the open source community software Hadoop, and helps enterprises quickly build systems for processing massive amounts of data.

FusionInsight is a fully open big data analysis platform. To meet the operation and maintenance, application development and other needs of data-intensive industries such as finance and operators, it provides a highly reliable, highly secure and easy-to-use operation and maintenance system and full data modeling middleware. The framework of the Huawei FusionInsight big data analysis platform is shown in Figure B-4.

Because a big data analysis platform brings together a large amount of data, it faces more security threats and challenges, including data abuse and user privacy issues. The Huawei FusionInsight big data analysis platform provides an operational security system that offers comprehensive protection across network security, host security, user security and data security (Figure B-5):

Network security

The FusionInsight cluster supports network security through network-wide isolation.

Host security

Normal operation of the nodes is ensured through operating system security and other measures on the nodes in the FusionInsight cluster, including the latest patch updates, operating system kernel security hardening, operating system permission control, port management and deployment of anti-virus software.

User security

Identity authentication, authority control, audit control and other security measures guard against threats such as user impersonation, unauthorized access and malicious operations:

Authentication. FusionInsight uses LDAP as the account management system and authenticates account information through Kerberos. Management and authentication of Manager system users and component users are unified, providing single sign-on.

Authority control. Built on the unified user and role authentication system, FusionInsight follows the account/role RBAC (role-based access control) model. Permissions are managed through roles and users are authorized in batches, which reduces the difficulty of cluster management. Access to component resources (such as files, directories, tables, databases and columns) is defined through roles, and roles are granted to users or user groups, which simplifies user and user group privilege configuration.

Audit log. The FusionInsight audit log records user operation information so that malicious operations and attacks on the system can be located quickly, while keeping sensitive user information out of the audit log. Every destructive business operation by a user is logged and audited so that user business operations can be traced back. The system provides audit log query and export functions, which give users an important means of reviewing security events after the fact, locating the cause of a problem and assigning responsibility for an incident.

Data security

The safety of user data is ensured through cluster disaster recovery, backup, data integrity, data confidentiality and other measures.

File system encryption: Hive and HBase support table-level and field-level encryption, and plaintext storage of internal cluster user information is prohibited;

Encryption flexibility: encryption algorithms are plug-ins that can be extended or custom developed. Non-sensitive data can be left unencrypted, so performance is not affected;

Business transparency: the upper-layer business only needs to specify the sensitive data (Hive and HBase table-level and column-level encryption); the business is not aware of the encryption and decryption process.

Data disaster recovery

FusionInsight cluster disaster recovery provides real-time remote disaster recovery for the user data stored in the cluster. It provides basic operation and maintenance tools, including maintenance of the primary and backup cluster relationship, data reconstruction, data validation, viewing of data synchronization progress and other functions. (Source: Bureau of data; compiled by: China Electronic Commerce Research Center)
