Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Performance Impact of Security (SSL, TDE, Ranger, Kerberos, Knox)

Labels:
avatar
author-rank awatson
Guru

Created ‎05-03-2016 08:42 PM

Hi All,

I am looking for what the overall and by component performance impact for implementing all security components in HDP including SSL, TDE, Ranger Kerberos and Knox.

I have found a few links regarding SSL and Knox but can't seem to find anything comprehensive enough.

Thanks,

2,705 Views
1 ACCEPTED SOLUTION

avatar
author-rank pvillard author-rank
Guru

Created ‎05-04-2016 06:20 AM

Hi Andrew,

The recommendation is to start with an unsecure cluster and to add levels of protections one by one to allow benchmarking. Overhead will depend of the use of the cluster.

The numbers I have are the following:

- wire encryption inside the cluster: 2x overhead

- data encryption (Ranger KMS): 15%-20% overhead (but I guess it highly depends of what you are encrypting, not sure every single file must be encrypted).

- for Kerberos, Knox and Ranger: this is not significant and it depends of the installation and the use (network performance to KDC, number of Knox gateways, etc). regarding Ranger, since rules are "copied" locally for each service this not significant.

Hope that helps.

View solution in original post

1,977 Views
2 REPLIES 2

avatar
author-rank pvillard author-rank
Guru

Created ‎05-04-2016 06:20 AM

Hi Andrew,

The recommendation is to start with an unsecure cluster and to add levels of protections one by one to allow benchmarking. Overhead will depend of the use of the cluster.

The numbers I have are the following:

- wire encryption inside the cluster: 2x overhead

- data encryption (Ranger KMS): 15%-20% overhead (but I guess it highly depends of what you are encrypting, not sure every single file must be encrypted).

- for Kerberos, Knox and Ranger: this is not significant and it depends of the installation and the use (network performance to KDC, number of Knox gateways, etc). regarding Ranger, since rules are "copied" locally for each service this not significant.

Hope that helps.

1,978 Views

avatar
author-rank Himanshu_
New Contributor

Created ‎11-14-2019 10:59 PM

Hi,

 

I can see significant impact on the hive query after implementation of Ranger and using mysql 5.7.

How can we reduce the response time added due to the Ranger.

1,899 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements