Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Performance Impact of Security (SSL, TDE, Ranger, Kerberos, Knox)

Labels:
avatar
author-rank awatson
Guru

Created ‎05-03-2016 08:42 PM

Hi All,

I am looking for what the overall and by component performance impact for implementing all security components in HDP including SSL, TDE, Ranger Kerberos and Knox.

I have found a few links regarding SSL and Knox but can't seem to find anything comprehensive enough.

Thanks,

2,882 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank pvillard author-rank
Guru

Created ‎05-04-2016 06:20 AM

Hi Andrew,

The recommendation is to start with an unsecure cluster and to add levels of protections one by one to allow benchmarking. Overhead will depend of the use of the cluster.

The numbers I have are the following:

- wire encryption inside the cluster: 2x overhead

- data encryption (Ranger KMS): 15%-20% overhead (but I guess it highly depends of what you are encrypting, not sure every single file must be encrypted).

- for Kerberos, Knox and Ranger: this is not significant and it depends of the installation and the use (network performance to KDC, number of Knox gateways, etc). regarding Ranger, since rules are "copied" locally for each service this not significant.

Hope that helps.

View solution in original post

2,154 Views
0
2 REPLIES 2

avatar
author-rank pvillard author-rank
Guru

Created ‎05-04-2016 06:20 AM

Hi Andrew,

The recommendation is to start with an unsecure cluster and to add levels of protections one by one to allow benchmarking. Overhead will depend of the use of the cluster.

The numbers I have are the following:

- wire encryption inside the cluster: 2x overhead

- data encryption (Ranger KMS): 15%-20% overhead (but I guess it highly depends of what you are encrypting, not sure every single file must be encrypted).

- for Kerberos, Knox and Ranger: this is not significant and it depends of the installation and the use (network performance to KDC, number of Knox gateways, etc). regarding Ranger, since rules are "copied" locally for each service this not significant.

Hope that helps.

2,155 Views
0

avatar
author-rank Himanshu_
New Contributor

Created ‎11-14-2019 10:59 PM

Hi,

 

I can see significant impact on the hive query after implementation of Ranger and using mysql 5.7.

How can we reduce the response time added due to the Ranger.

2,076 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements