No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FusionInsight HD V100R002C60SPC200 Product Description 06

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Enhanced Features

Security Enhanced Features

Huawei FusionInsight HD is a platform for massive data management and analysis and features high security. It ensures user data and service running security from the following aspects:

  • Network isolation

    Huawei FusionInsight HD divides the entire network into two planes: the service plane and management plane. The two planes are physically isolated to ensure security of the service and management networks.

    • FusionInsight HD interworks with the service network through the service plane to provide service channels, data storage and access, task submission, and computing capabilities for enterprise users.
    • FusionInsight HD interworks with the operation and maintenance (O&M) network through the management plane to provide the management and maintenance functions, especially cluster management and cluster monitoring, configuration, auditing, and user management services for enterprise users.
  • Host security
    Users can deploy third-party antivirus software based on their service requirements. For the operating system (OS) and interfaces, Huawei FusionInsight HD provides the following security measures:
    • Hardening OS kernel security
    • Installing the latest OS patch
    • Controlling the OS rights
    • Managing OS interfaces
    • Preventing the OS protocols and interfaces from attacks
  • Application security

    Huawei FusionInsight HD provides the following measures to ensure proper running of big data services:

    • Identity authentication
    • Web application security
    • Access control
    • Auditing security
    • Password security
  • Data security

    For massive user data, Huawei FusionInsight HD provides the following measures to ensure data confidentiality, integrity, and availability:

    • Disaster recovery (DR): FusionInsight HD provides the remote DR function by configuring the active/standby cluster relationship and data tables to be synchronized. When data of the active cluster is damaged due to disasters, such as flood or earthquake, the standby cluster immediately takes over services.
    • Backup: FusionInsight HD provides backup for data on the OMS, HBase, Hadoop Distributed File System (HDFS), and Lightweight Directory Access Protocol (LDAP) server.
  • Data integrity

    Data verification ensures data integrity during storage and transmission.

    • During software installation, sha256 verification is performed for the software package, preventing the software package or programs being tampered.
    • User data is stored on the HDFS. The HDFS verifies data correctness using CRC32C.
    • The DataNode of the HDFS stores and verifies data. If data sent from the client is abnormal (incomplete), the DataNode sends an error message to the client and requires the client to rewrite the data.
    • When the client reads data from the DataNode, the client also checks the data integrity. If the data is incomplete, the client reads data from other DataNodes.
  • Data confidentiality

    The HDFS incorporates encrypted storage for file contents based on the Apache Hadoop version to prevent sensitive data being stored in plain text and improves the data security. Service applications need only to encrypt specified sensitive data. The data encryption and decryption processes are unknown to enterprise users. In addition, Hive implements table-level encryption, and HBase implements column-level encryption. During data creation, specify the encryption algorithm to ensure encrypted storage of sensitive data.

    The data confidentiality is ensured by encrypted data storage and access control.

    • The HBase compresses data before storing the data to the HDFS. In addition, users can configure the AES and SMS4 algorithms to ensure encrypted storage.
    • Each component supports setting of access rights for local data directories. Unauthorized users cannot access the data.
    • Information about users in a cluster is stored in encrypted mode.
  • Security authentication
    • The unified user- and role-based authentication system complies with the role-based access control model to manage rights based on the role, ensuring batch user rights authorization.
    • FusionInsight HD supports the security protocol Kerberos, uses the LDAP server as the account management system, and authenticates account information using Kerberos.
    • FusionInsight HD provides single sign-on (SSO) to provide unified management and authentication for system users and component users of FusionInsight HD.
    • FusionInsight HD provides auditing for users logging in to FushionInsight Manager.
    • FusionInsight HD provides the unified certificate management function, which allows certificates of the entire cluster to be configured and replaced in a unified manner on the portal. This makes users' certification replacement easier.
Updated: 2019-04-10

Document ID: EDOC1000104139

Views: 6708

Downloads: 66

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next