Support Questions
Find answers, ask questions, and share your expertise

Performance Impact of Security (SSL, TDE, Ranger, Kerberos, Knox)

Solved Go to solution

Performance Impact of Security (SSL, TDE, Ranger, Kerberos, Knox)

Hi All,

I am looking for what the overall and by component performance impact for implementing all security components in HDP including SSL, TDE, Ranger Kerberos and Knox.

I have found a few links regarding SSL and Knox but can't seem to find anything comprehensive enough.

Thanks,

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Performance Impact of Security (SSL, TDE, Ranger, Kerberos, Knox)

Hi Andrew,

The recommendation is to start with an unsecure cluster and to add levels of protections one by one to allow benchmarking. Overhead will depend of the use of the cluster.

The numbers I have are the following:

- wire encryption inside the cluster: 2x overhead

- data encryption (Ranger KMS): 15%-20% overhead (but I guess it highly depends of what you are encrypting, not sure every single file must be encrypted).

- for Kerberos, Knox and Ranger: this is not significant and it depends of the installation and the use (network performance to KDC, number of Knox gateways, etc). regarding Ranger, since rules are "copied" locally for each service this not significant.

Hope that helps.

View solution in original post

2 REPLIES 2

Re: Performance Impact of Security (SSL, TDE, Ranger, Kerberos, Knox)

Hi Andrew,

The recommendation is to start with an unsecure cluster and to add levels of protections one by one to allow benchmarking. Overhead will depend of the use of the cluster.

The numbers I have are the following:

- wire encryption inside the cluster: 2x overhead

- data encryption (Ranger KMS): 15%-20% overhead (but I guess it highly depends of what you are encrypting, not sure every single file must be encrypted).

- for Kerberos, Knox and Ranger: this is not significant and it depends of the installation and the use (network performance to KDC, number of Knox gateways, etc). regarding Ranger, since rules are "copied" locally for each service this not significant.

Hope that helps.

View solution in original post

Re: Performance Impact of Security (SSL, TDE, Ranger, Kerberos, Knox)

New Contributor

Hi,

 

I can see significant impact on the hive query after implementation of Ranger and using mysql 5.7.

How can we reduce the response time added due to the Ranger.