How Big a Deal Is IoT? Much Bigger than Big Data
A quick heads-up that I’ll be participating in a DM Radio podcast on IoT (March 01, 2018), to talk about IoT and its future. You can listen in on the live podcast at 3 PM Eastern / 12 PM Pacific (and I expect there’ll be a recording available, too).
The Internet of Things really started humming in 2018, but the best has yet to come. Sure, there were some hiccups along the way, with refrigerators hijacked in massive distributed denial of service attacks, but for the most part, the IoT experience has gone pretty well. What does the future hold? So, so much more! Check out this episode of DM Radio to learn more. Host @eric_kavanagh will interview big data legend Kirk Borne of Booz Allen, and yours truly, Naren Gokul, along with several expert guests!
There have been many articles written and talks given over the last several years on abandoning the Enterprise Data Warehouse (EDW) in favor of an Enterprise Data Lake with some passionately promoting the idea and others just as passionately denying that this is achievable. In this article, I would like to take a more pragmatic approach to the case and try and lay down a process that enterprises should consider for a data management architecture.
The focus is on data lakes for enterprises, referred to as Enterprise Data Lake to distinguish it from data lakes created by internet, ad-tech or other technology companies that have different types of data and access requirements.
The Enterprise Data Warehouse
The much reviled and beleaguered Data Warehouse has been the mainstay of enterprises for over 20 years supporting business reports, dashboards and allowing analysts to understand how the business is functioning. Data Warehouses when built right provide robust security, audit and governance which is critical – especially with the increasing cyber-hacks today.
Alas – many data warehouse projects are so complex, they are never finished! Further, the strict, hierarchical governance that many IT departments created around the warehouse caused lots of frustration as business analysts and researchers cannot explore the data freely.
The Hadoop Phenomenon
When Hadoop entered the mainstream, the big attraction for business analysts and data scientists was the ability to store and access data outside the restrictive bounds of IT! This raised the exciting possibility of finding new insights into business operations, optimizing spend and finding new revenue streams.
3 Requirements for the Enterprise Data Lake
James Dixon coined the term Data Lake in 2010 to mean data flowing from a single source with the data being stored in its natural state. We have come some ways from that definition and the most common definition of a Data Lake today is a data repository for many different types and sources of data, be they structured or unstructured, internal or external, to facilitate different ways of accessing and analyzing the data. The Data Lake is built on Hadoop with the data stored in HDFS across a cluster of systems.
The 3 requirements for the Enterprise Data Lake are:
- It must collect and store data from one or more sources in its original, raw form and optionally, its various processed forms.
- It must allow flexible access to the data from different applications; for example, structured access to tables and columns as well as unstructured access to files.
- Entity and transaction data must have strong governance defined to prevent the lake from becoming a swamp.
Enterprise Data Lake Architecture
The diagram below shows an Enterprise Data Lake that ingests data from many typical systems such as CRM, ERP and other transactional systems. In addition, it is fed unstructured data from web logs, social media, IoT devices, third-party sites (such as DMP, D&B) creating a data repository. This rich data eco-system can now support combining multiple sources of data for more accurate analytics and never-before possible insights into business operations.
With technologies such as BigForce SNAP, it is possible to run existing enterprise Business Intelligence (BI) tools as well as perform exploratory analysis with visualization tools such as Tableau.
Enterprise Data Lake Governance
More importantly, the Hadoop eco-system now supports data governance through technologies like Ranger, Knox and Sentry. In combination with Kerberos, and enterprise identity management systems such as Active Directory (AD) or other LDAP frameworks, it is possible to implement strong security and governance rules. See “Implementing Hadoop Security” for details.
The Modern Enterprise Data Architecture
But what if you already have an existing EDW with hundreds of applications, some of which use complex analytics functions? How best can you leverage the EDW while also moving to a modern data architecture that allows new data sources to be integrated and empower your data scientists to integrate, enrich and analyze lots of data without the restrictions of the EDW?
A happy compromise between the data lake and data warehouse does exist and data architects and businesses have realized that it IS possible to build on the strengths of each system.
In this architecture, the data lake serves as the repository for all raw data, ingested from all the relevant data sources of an organization. Optionally, the data lake can also store cleansed and integrated data which is then also fed into the data warehouse. This way, newer BI applications can be built directly on the enterprise data lake while existing applications can continue to run on the EDW.
Data Governance in the Enterprise Data Lake
Data Governance policies for enterprise data in the EDW should also apply to the same data within the Enterprise Data Lake in most cases. Otherwise, this may lead to security holes and data inconsistencies between the two systems. If careful consideration is not given to governance, the data lake will turn into a data swamp!
However, since the data lake consists of all the raw data from operational systems as well as new data sources, it is possible to now provide data scientists and other analysts access to these data sets for new exploratory analytics.
Architecting a modern data architecture requires a thorough understanding of the requirements, existing applications and future needs and goals of the enterprise. Especially important to consider are Master data and Metadata management, governance and security as well as the right technologies.
At Orzota, we have built data lakes for a variety of businesses and have a methodology in place to ensure success. Contact us for more information.
What exactly is Artificial Intelligence?
Artificial intelligence is really starting to shape the world as we know it. The field of AI includes everything that has anything to do with the “intelligence” of a machine; and more specifically, that machine’s ability to imitate a human’s thought process and reasoning abilities.
While artificial intelligence develops programs to help solve problems, the patterns needed for solving a problem via AI are very different from the way a human would solve it. In a general sense, the programs that are developed are often designed to interpret, sort through, and provide insight from a vast amount of data. We want these AI programs to handle this data because they can process far more than a human brain ever could.
Four AI abilities
There are four abilities that contribute to artificial intelligence; and without them AI would not be what we expect.
Ability to sense
The first, the ability to sense, correlates directly with object recognition. In this case, object recognition is the picking out and identification of objects from different inputs such as videos and digital images. Natural Language Processing (NLP) also contributes to the ability to sense, meaning the ability to read text and make sense of it.
Ability to converse
The second, which is the ability to have a conversation, is the foundation to develop the ability to think. Predictive Analytics sums this up by identifying the likelihood of future outcomes based on historical data and algorithms (machine learning).
Ability to act
The third, the ability to act, refers to taking action based on thinking. This is also known as “Prescriptive Analytics,” and determines the best solutions/outcomes among various choices, with known parameters.
Ability to learn
The fourth and final ability, the ability to learn, includes automatically occurring self-improvements. Not only do these improvements need to happen, but we also need to understand how these improvements were made as they occur.
More than sci-fi robots
Throughout the advancement process of AI, the technology industry has made AI an essential part of its work. The advancement of this field has caused debate over whether AI is a threat to humanity or not. Artificial intelligence is NOT something to fear; and it IS more than just sci-fi robots taking over.
Of course, it’s easy to understand why some may think AI and robots are one and the same and get some things mixed up. Pop culture can be blamed for this, because robots are often portrayed in a way that may cause humans to worry about what exactly they may become. In reality, robots are physical machines created to carry out a specific task and artificial intelligence is used to develop programs to solve problems. When AI and robots are integrated, autonomous robots are born.
Practical uses today
Believe it or not, artificial intelligence systems are seen every day. Interesting Engineering came up with a list of everyday applications of AI, which can be separated into two categories: consumer-focused and enterprise-focused.
Some consumer-focused applications include smart cars, video games, smart homes, and preventing heart attacks.
Examples of enterprise-focused applications are customer service, workflow automation, cybersecurity, and maintenance predictions.
With the increasing advancements in the field of artificial intelligence, we are destined to see more and more practical uses.
Orzota can help!
The Orzota BigForce Docu-AI Solution helps automate document workflows for insurance and finance use cases. It uses sophisticated AI techniques to parse documents (image files, PDFs, etc.), extracting information and key insights while providing instant search and analysis capabilities.
To find out more, please contact email@example.com.
Security is an essential part of Hadoop infrastructure in any organization. Let’s look at some of the key or need-to-have components in ensuring that infrastructure is secured from external compromises.
The key aspects of security are authentication, authorization and encryption. We will look at ways to implement all three in the context of Hadoop clusters – be it on the cloud or on-prem.
Network Level Security (Apache Knox):
Apache Knox secures the perimeter of Hadoop clusters for data access and job execution. Knox can be deployed as a cluster of Knox nodes that acts as a single access point, routes requests to the Hadoop REST and HTTP APIs, and provides SSO (single sign-on) for multiple UIs. Knox supports LDAP and Active Directory as well as Kerberos authentication.
The most prevalent and popular way to provide secure authentication to Hadoop clusters is by the use of Kerberos, which requires client-side configuration and packages. Apache Knox eliminates the requirement for such client-side libraries and complex configuration.
We can create different topologies, each of which specifies the actual hosts and ports of the service components and integrates LDAP/Kerberos authentication.
curl -ik -u knox_username -X PUT 'https://knoxhost:8443/gateway/topology_name/webhdfs/v1/user/hdfs/input?op=MKDIRS'
HTTP/1.1 200 OK
Date: Fri, 01 Sep 2017 09:10:41 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/gateway/test; Max-Age=0; Expires=Thu, 31-Aug-2017 09:10:41 GMT
Expires: Fri, 01 Sep 2017 09:10:41 GMT
Date: Fri, 01 Sep 2017 09:10:41 GMT
Expires: Fri, 01 Sep 2017 09:10:41 GMT
Date: Fri, 01 Sep 2017 09:10:41 GMT
Content-Type: application/json; charset=UTF-8
The above command creates the input directory under /user/hdfs.
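The request above uses -k, which tells curl to skip verification of the Knox certificate. As an added example (not from the original post), the same MKDIRS call with the gateway verified against a CA file and the response checked; KNOX_CA and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.
# KNOX_CA: path to the CA certificate that signed the Knox certificate
# (an assumption; export it from the gateway keystore or use your PKI's CA).

# Build the gateway URL used above. Args: host topology hdfs_path operation
knox_webhdfs_url() {
    for part in "$1" "$2"; do
        case "$part" in
            ''|*[!A-Za-z0-9._-]*) echo "bad host or topology: $part" >&2; return 2 ;;
        esac
    done
    case "$3" in
        /*) ;;
        *) echo "HDFS path must be absolute: $3" >&2; return 2 ;;
    esac
    case "$3" in
        # reject characters that would change the query string, and ".." segments
        *[!A-Za-z0-9_./-]*|*/..|*/../*) echo "unsupported path: $3" >&2; return 2 ;;
    esac
    printf 'https://%s:8443/gateway/%s/webhdfs/v1%s?op=%s\n' "$1" "$2" "$3" "$4"
}

# Read a `curl -i` response (headers and body) on stdin. Succeed only if the
# status is 200 and the WebHDFS body is {"boolean":true}.
mkdirs_succeeded() {
    awk '
        NR == 1 { ok_status = ($1 ~ /^HTTP\// && $2 == "200") }
        { gsub(/[ \t\r]/, ""); if ($0 == "{\"boolean\":true}") ok_body = 1 }
        END { exit !(ok_status && ok_body) }'
}

# Create a directory through Knox. Only the user name is given to -u, so curl
# prompts for the password; --cacert replaces -k so the gateway is verified.
# Args: user host topology hdfs_path
knox_mkdirs() {
    url=$(knox_webhdfs_url "$2" "$3" "$4" MKDIRS) || return
    curl --silent --show-error --include --cacert "$KNOX_CA" \
         -u "$1" -X PUT "$url" | mkdirs_succeeded
}

# Usage: KNOX_CA=/path/to/knox-ca.pem knox_mkdirs knox_username knoxhost topology_name /user/hdfs/input
```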
Connecting to jdbc:hive2://knoxhost:8443/;ssl=true;sslTrustStore=/opt/jdk1.8.0_144/jre/lib/security/cacerts;trustStorePassword=changeit?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/test/hive
Enter username for jdbc:hive2://knoxhost:8443/;ssl=true;sslTrustStore=/opt/jdk1.8.0_144/jre/lib/security/cacerts;trustStorePassword=changeit?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/test/hive: knox_user
Enter password for jdbc:hive2://knoxhost:8443/;ssl=true;sslTrustStore=/opt/jdk1.8.0_144/jre/lib/security/cacerts;trustStorePassword=changeit?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/test/hive: **********
log4j:WARN No appenders could be found for logger (org.apache.hive.jdbc.Utils).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See https://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Connected to: Apache Hive (version 1.2.1000.2.6.2.0-205)
Driver: Hive JDBC (version 1.2.1.spark2)
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://knoxhost:8443/> show databases;
| database_name |
| default |
1 row selected (4.169 seconds)
0: jdbc:hive2://knoxhost:8443/> create database test;
No rows affected (1.271 seconds)
0: jdbc:hive2://knoxhost:8443/> show databases;
| database_name |
| default |
| test |
2 rows selected (2.222 seconds)
The Hortonworks Knox tutorial can be accessed here.
The primary purpose of a Hadoop cluster is to store and process large amounts of data, which requires secure handling to prevent unauthorised access. The Kerberos network authentication protocol provides strong authentication for client/server applications. For each operation, the client is required to provide its identity (principal) to the Kerberos server. There are two types of principals – user and service principals.
Another important term in Kerberos is Realm. A realm is the authentication and administrative domain, and all principals are assigned to a specific Kerberos realm.
The Key Distribution Centre stores and controls all Kerberos principals and realms.
The KDC (Key Distribution Centre) has three components:
- Kerberos Database,
- Authentication Server (AS),
- Ticket Granting Service (TGS)
The Kerberos Database stores and controls all principals and realms. Kerberos principals in the database are identities with the following naming convention.
User@EXAMPLE.COM (User Principal)
Hdfs/node23.example.com@EXAMPLE.COM (Service Principal)
The AS is responsible for issuing a TGT (Ticket Granting Ticket) when a client initiates a request to the AS.
The TGS is responsible for validating TGTs and issuing service tickets. Service tickets allow an authenticated principal to use the services provided by the application server, which is identified by its service principal.
As the root user:
kadmin.local -q "addprinc -pw orzota hdfs-user"
The above command adds a new principal, hdfs-user, with orzota as its password.
To access HDFS data from a Kerberized client machine:
Password for hdfs-user@ORZOTAADMIN.COM:
Ticket cache: FILE:/tmp/krb5cc_1013
Default principal: hdfs-user@ORZOTAADMINS.COM
Valid starting Expires Service principal
09/14/2016 14:54:32 09/15/2016 14:54:32 krbtgt/ORZOTAADMIN.COM:
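The addprinc command above passes the password with -pw, so it appears in the process list and in shell history. For accounts that run unattended, an added example (not from the original post) that creates the principal with a random key and a keytab instead; the KADMIN variable, the keytab path and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post.
# KADMIN may be overridden (dry run, test stub); the default is the tool used above.
KADMIN=${KADMIN:-kadmin.local}

# Create principal $1 with a random key and export that key to keytab $2.
# Both names are validated because they are spliced into the kadmin query.
provision_keytab() {
    case "$1" in
        ''|*[!A-Za-z0-9._/@-]*) echo "unexpected principal name: $1" >&2; return 2 ;;
    esac
    case "$2" in
        /*) ;;
        *) echo "keytab path must be absolute: $2" >&2; return 2 ;;
    esac
    case "$2" in
        *[!A-Za-z0-9_./-]*) echo "unexpected keytab path: $2" >&2; return 2 ;;
    esac
    (
        umask 077                                 # never group/world readable
        "$KADMIN" -q "addprinc -randkey $1" &&    # no password is ever set
        "$KADMIN" -q "ktadd -k $2 $1" &&          # write the key to the keytab
        chmod 400 "$2"
    )
}

# Get a TGT from the keytab without a prompt, then confirm the cache holds a
# valid ticket (klist -s prints nothing and only sets the exit status).
# Args: principal keytab
login_with_keytab() {
    kinit -kt "$2" "$1" && klist -s
}

# Interactive users: leave out -pw and kadmin prompts for the password instead:
#   kadmin.local -q "addprinc hdfs-user"
```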
Authorization (Apache Sentry / Ranger)
In Hadoop infrastructure, Apache Sentry or Ranger can be used to manage security centrally across the various components of a Hadoop cluster. In this blog, we will consider Ranger for authorization.
Ranger is used to authorize users/groups (including users authenticated by Kerberos) to access resources inside the Hadoop ecosystem.
Currently Ranger provides audits and plugins for each of the Hadoop services, which include HDFS, Hive, HBase, YARN, Kafka, Storm, Knox and Solr. Ranger uses Solr to audit user actions on all supported services.
By using these plugins, a Hadoop administrator can create policies to authorize users to access Hadoop services.
For example, the Hive-Ranger-Plugin provides authorization at the database, table and column level. By using this we can create specific / role-based policies for each user/group, thereby controlling the kind of queries that can be run on the database / table.
The Hortonworks Ranger tutorial can be accessed here.
Encryption (Ranger KMS):
Ranger Key Management Server (KMS) is built on the Hadoop KMS developed by the Apache community. It extends the native Hadoop KMS functions by letting the Ranger Admins store keys in a secure database.
Ranger provides centralized administration of key management through the Ranger admin UI. Ranger admin provides the ability to create, delete and update keys using its dashboard or REST APIs. Ranger admin also provides the ability to manage access control policies within Ranger KMS. The access policies control permissions to generate or manage keys, adding another layer of security for data encrypted in Hadoop.
In the Ranger KMS UI, create a key named hdfs-encryption.
Add a new policy named key-test and give decrypt permission only to the user bob.
1. Create the test directory and give ownership to the user bob.
hdfs dfs -mkdir /test
hdfs dfs -chown -R bob:hdfs /test
2. Create the encryption zone:
[hdfs@ip-172-31-4-145 ~]$ hdfs crypto -createZone -keyName hdfs-encryption -path /test
Added encryption zone /test
[hdfs@ip-172-31-4-145 ~]$ hdfs crypto -listZones
3. Verify read and write permission for the user bob. Only bob can access the data in /test.
4. If you try to access the data as some other user, it will throw the following error.
[hdfs@ip-172-31-4-145 ~]$ hdfs dfs -put test1.txt /test/
put: User:alice not allowed to do ‘DECRYPT_EEK’ on ‘hdfs-encryption’
17/08/17 10:51:02 ERROR hdfs.DFSClient: Failed to close inode 17051
org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.hdfs.server.namenode.LeaseExpiredException): No lease on /test/test1.txt._COPYING_ (inode 17051): File does not exist. Holder DFSClient_NONMAPREDUCE_1683412138_1 does not have any open files.
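An added example (not from the original post) that checks steps 2 to 4 on captured output: which key protects a path, and which users the KMS denied. It assumes that hdfs crypto -listZones prints one "path key" pair per line, that paths contain no spaces, and that the client error is printed with plain single quotes; the sample data is constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Works on captured text, so it
# runs without a cluster. Sample data below is constructed.

# Print the key protecting path $1, given -listZones output on stdin.
# Matching respects path boundaries: zone /test covers /test/a, not /test2/a.
zone_key_for() {
    awk -v p="$1" '
        NF >= 2 {
            z = $1; sub(/\/+$/, "", z)            # drop trailing slashes
            if (z != "" && (p == z || index(p, z "/") == 1)) {
                print $2; found = 1; exit
            }
        }
        END { exit !found }'
}

# Print "user operation key" for every KMS denial on stdin that has the
# message format shown in step 4; all other lines are ignored.
kms_denials() {
    sed -nE "s/.*User:([^ ]+) not allowed to do '([A-Z_]+)' on '([^']+)'.*/\1 \2 \3/p"
}

# Print "<count> <user>" for users denied operation $1 on key $2, most
# denials first.
denied_users() {
    kms_denials | awk -v op="$1" -v key="$2" '
        $2 == op && $3 == key { n[$1]++ }
        END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

# Succeed only if user $1 (granted DECRYPT_EEK by the policy) was never denied
# on key $2 and at least one other user was, i.e. the negative test in step 4
# was actually run and refused. Log lines on stdin.
policy_holds() {
    denied_users DECRYPT_EEK "$2" | awk -v ok="$1" '
        $2 == ok { bad = 1 }
        $2 != ok { others = 1 }
        END { exit !(others && !bad) }'
}

# Constructed samples (first log line follows the error shown above).
ZONES_SAMPLE='/test  hdfs-encryption'
LOG_SAMPLE="put: User:alice not allowed to do 'DECRYPT_EEK' on 'hdfs-encryption'
cat: User:alice not allowed to do 'DECRYPT_EEK' on 'hdfs-encryption'
cat: User:carol not allowed to do 'DECRYPT_EEK' on 'hdfs-encryption'
17/08/17 10:51:02 ERROR hdfs.DFSClient: Failed to close inode 17051"

printf '%s\n' "$ZONES_SAMPLE" | zone_key_for /test/test1.txt
printf '%s\n' "$LOG_SAMPLE" | denied_users DECRYPT_EEK hdfs-encryption
```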
Move to the Cloud – Benefits Of Cloud Computing
NOTE: This is a guest post by Danish Wadhwa
Cloud Computing has changed the way we use software – whether for personal or business use. The process of downloading, installing, configuring and maintaining different types of software, is eliminated with a move to the Cloud, saving businesses time and resources. Cloud has brought us to an era of increased responsiveness and efficiency.
Over the past few years, Cloud Computing has taken over and has become an essential part of our everyday life. Whether it is for updating a status on Facebook or for checking account balances on a smartphone, we use the Cloud. The Cloud is best at handling various processes in an organization. With it, individuals and businesses can plan, strategize and organize tasks within minutes. The Cloud can also keep information safe, while providing access from anywhere at any time.
Here are some of the top reasons for businesses to move to the Cloud:
Cloud-based services are the best for businesses with fluctuating demands. The Cloud’s capacity can be increased or decreased according to specific requirements. Such flexibility gives businesses a real advantage over competitors. This operational ability of Cloud computing is one of the main reasons for moving to the Cloud.
Fast Data Recovery
Cloud keeps data protected, while offering data backup and recovery options in case of an emergency. A Cloud-based backup and recovery solution saves time and avoids large upfront investments as well. Further, by backing up to Cloud Servers in different geographical regions, a robust backup strategy can provide insurance against natural disasters, power outages, etc.
Automatic Software Updates
Cloud Computing servers are usually off-premises and suppliers of cloud computing make sure that all issues are resolved without impacting the end user, who can utilize the services of the Cloud without interruptions. Systems are maintained and kept up-to-date, with regular software updates that are done automatically. This leaves organizations to focus on matters more pertinent to their business, rather than their software and hardware infrastructure.
Cloud Computing simplifies various everyday operations and makes work easier: it provides access to data and the option to edit and share documents with different team members anytime, anywhere. One example is Asana, a cloud version of a project management tool that helps assign tasks to different team members, edit lists and keep track of progress, thus improving collaboration and coordination.
Safety becomes an important issue when you decide to store all your data on the Cloud, and this is where Cloud Computing’s high-end safety measures come into play. Although many enterprises pointed to security concerns as their number one reason for not moving to the cloud, that myth has been debunked. Today, the Cloud can be more secure than a private data center. Your data is encrypted to protect it against any kind of outage or disaster, both while it is in transit and while it rests on the cloud servers. Not only that, customers can also choose to control their encryption keys if they wish to.
The “Pay as you Go” service allows you to pay according to your usage, thus helping small startups figure out what they need and expand as they grow. It also provides opportunities to various businesses to commence their ventures, regardless of available capital. Thus, the initial investment may be considerably low, allowing a company to gradually increase usage as it grows. The Cloud gives organizations access to enterprise-class technology, along with an opportunity to learn and understand the market and plan how to beat competition.
For mid-to-large enterprises, this one point can be a huge time and money saver, as on-premise infrastructure can take a lot of time to provision and needs to be planned for well in advance of the need for scale.
Apart from all the benefits we have discussed above, the Cloud is eco-friendly too. With the ability to change the server size according to usage, organizations only use the energy required at the moment, without leaving giant carbon footprints.
Why NOT move to the Cloud?
As technology leaders, we are challenged to make decisions that impact the organization’s growth. Our primary goals are to deliver on time and resolve problems efficiently, while staying within budget. The Cloud makes it possible to achieve these goals, with a proper plan and process in place. Moving to the Cloud can be one of those changes that an organization can make. Get the Devops Certification to benchmark your skills in Cloud Computing and understand its benefits.