Re-thinking Security in a Distributed Storage System


In our current data-driven world, the ability to store massive amounts of data is essential, and not just for large enterprises. As legislation evolves, more and more requirements are placed on distributed storage systems, but security has been a requirement since the beginning, as it has been in Apache Ozone. Security considerations have to play a central role at several layers: data storage, data access, data transfer, and encryption, to name a few. Each layer has its own specialities and an established frame for solutions, defined mainly by already mature systems: expected performance, general mechanisms, and the protection of data on all levels have a fairly established set of requirements.

In this talk I will highlight Ozone's security features and how authentication and authorization are implemented, along with the main concepts within Ozone. After the general overview, the presentation takes a deep dive into the security of the communication between our services: how we achieve it, which improvement areas we most recently found within the realms of performance and security, how these affect Ozone users, and what solution we have chosen to improve them.

Istvan Fajth