Orzota

DM Radio podcast on IoT
How Big a Deal Is IoT? Much Bigger than Big Data

A quick heads-up that I’ll be participating in a DM Radio podcast on IoT (March 01, 2018), to talk about IoT and its future. You can listen in on the live podcast at 3 PM Eastern / 12 PM Pacific (and I expect there’ll be a recording available, too).

The Internet of Things really started humming in 2018, but the best has yet to come. Sure, there were some hiccups along the way, with refrigerators hijacked in massive distributed denial of service attacks, but for the most part, the IoT experience has gone pretty well. What does the future hold? So, so much more! Check out this episode of DM Radio to learn more. Host @eric_kavanagh will interview big data legend Kirk Borne of Booz Allen, and yours truly, Naren Gokul, along with several expert guests!

3 Requirements for an Enterprise Data Lake

There have been many articles written and talks given over the last several years on abandoning the Enterprise Data Warehouse (EDW) in favor of an Enterprise Data Lake with some passionately promoting the idea and others just as passionately denying that this is achievable. In this article, I would like to take a more pragmatic approach to the case and try and lay down a process that enterprises should consider for a data management architecture.

The focus is on data lakes for enterprises, referred to as Enterprise Data Lake to distinguish it from data lakes created by internet, ad-tech or other technology companies that have different types of data and access requirements.

The Enterprise Data Warehouse

The much reviled and beleaguered Data Warehouse has been the mainstay of enterprises for over 20 years supporting business reports, dashboards and allowing analysts to understand how the business is functioning. Data Warehouses when built right provide robust security, audit and governance which is critical – especially with the increasing cyber-hacks today.

Alas – many data warehouse projects are so complex, they are never finished! Further, the strict, hierarchical governance that many IT departments created around the warehouse caused lots of frustration, as business analysts and researchers could not explore the data freely.

The Hadoop Phenomenon

When Hadoop entered the mainstream, the big attraction for business analysts and data scientists was the ability to store and access data outside the restrictive bounds of IT! This raised the exciting possibility of finding new insights into business operations, optimizing spend and finding new revenue streams.

3 Requirements for the Enterprise Data Lake

James Dixon coined the term Data Lake in 2010 to mean data flowing from a single source with the data being stored in its natural state. We have come some ways from that definition and the most common definition of a Data Lake today is a data repository for many different types and sources of data, be they structured or unstructured, internal or external, to facilitate different ways of accessing and analyzing the data. The Data Lake is built on Hadoop with the data stored in HDFS across a cluster of systems.

The 3 requirements for the Enterprise Data Lake are:

  1. It must collect and store data from one or more sources in its original, raw form and optionally, its various processed forms.
  2. It must allow flexible access to the data from different applications; for example, structured access to tables and columns as well as unstructured access to files.
  3. Entity and transaction data must have strong governance defined to prevent the lake from becoming a swamp.

Enterprise Data Lake Architecture

The diagram below shows an Enterprise Data Lake that ingests data from many typical systems such as CRM, ERP and other transactional systems. In addition, it is fed unstructured data from web logs, social media, IoT devices, third-party sites (such as DMP, D&B) creating a data repository. This rich data eco-system can now support combining multiple sources of data for more accurate analytics and never-before possible insights into business operations.

With technologies such as BigForce SNAP, it is possible to run existing enterprise Business Intelligence (BI) tools as well as perform exploratory analysis with visualization tools such as Tableau.

Enterprise Data Lake Governance

More importantly, the Hadoop eco-system now supports data governance through technologies like Ranger, Knox and Sentry. In combination with Kerberos, and enterprise identity management systems such as Active Directory (AD) or other LDAP frameworks, it is possible to implement strong security and governance rules. See “Implementing Hadoop Security” for details.

The Modern Enterprise Data Architecture

But what if you already have an existing EDW with hundreds of applications, some of which use complex analytics functions? How best can you leverage the EDW while also moving to a modern data architecture that allows new data sources to be integrated and empower your data scientists to integrate, enrich and analyze lots of data without the restrictions of the EDW?

A happy compromise between the data lake and data warehouse does exist and data architects and businesses have realized that it IS possible to build on the strengths of each system.

In this architecture, the data lake serves as the repository for all raw data, ingested from all the relevant data sources of an organization. Optionally, the data lake can also store cleansed and integrated data which is then also fed into the data warehouse. This way, newer BI applications can be built directly on the enterprise data lake while existing applications can continue to run on the EDW.

Data Governance in the Enterprise Data Lake

Data Governance policies for enterprise data in the EDW should also apply to the same data within the Enterprise Data Lake in most cases. Otherwise, this may lead to security holes and data inconsistencies between the two systems. If careful consideration is not given to governance, the data lake will turn into a data swamp!

However, since the data lake consists of all the raw data from operational systems as well as new data sources, it is possible to now provide data scientists and other analysts access to these data sets for new exploratory analytics.

Conclusion

Architecting a modern data architecture requires a thorough understanding of the requirements, existing applications and future needs and goals of the enterprise. Especially important to consider are Master data and Metadata management, governance and security as well as the right technologies.

At Orzota, we have built data lakes for a variety of businesses and have a methodology in place to ensure success. Contact us for more information.

Artificial Intelligence: Abilities & Expectations
What exactly is Artificial Intelligence?

Artificial intelligence is really starting to shape the world as we know it. The field of AI includes everything that has anything to do with the “intelligence” of a machine; and more specifically, that machine’s ability to imitate a human’s thought process and reasoning abilities.

While artificial intelligence develops programs to help solve problems, the patterns needed for solving a problem via AI are quite different from the way a human would solve it. In a general sense, the programs that are developed are often designed to interpret, sort through, and provide insight from a vast amount of data. We want these AI programs to handle this data because they can process far more than a human brain ever could.

Four AI abilities

There are four abilities that contribute to artificial intelligence; and without them AI would not be what we expect.

Ability to sense

The first, the ability to sense, correlates directly with object recognition. In this case, object recognition is the picking out and identification of objects from different inputs such as videos and digital images. Natural Language Processing (NLP) also contributes to the ability to sense, meaning the ability to read text and make sense of it.

Ability to converse

The second, which is the ability to have a conversation, is the foundation to develop the ability to think. Predictive Analytics sums this up by identifying the likelihood of future outcomes based on historical data and algorithms (machine learning).

Ability to act

The third, the ability to act, refers to taking action based on thinking. This is also known as “Prescriptive Analytics,” and determines the best solutions/outcomes among various choices, with known parameters.

Ability to learn

The fourth and final ability, the ability to learn, includes automatically occurring self-improvements. Not only do these improvements need to happen, but we also need to understand how these improvements were made as they occur.

More than sci-fi robots

Throughout the advancement process of AI, the technology industry has made AI an essential part of its work. The advancement of this field has caused debate over whether AI is a threat to humanity or not. Artificial intelligence is NOT something to fear; and it IS more than just sci-fi robots taking over.

Of course, it’s easy to understand why some may think AI and robots are one and the same, getting some things mixed up. Pop culture can be blamed for this, because robots are often portrayed in such a way that may cause humans to worry about what exactly they may become. In reality, robots are physical machines created to carry out a specific task and artificial intelligence is used to develop programs to solve problems. When AI and robots are integrated, autonomous robots are born.

Practical uses today

Believe it or not, artificial intelligence systems are seen every day. Interesting Engineering came up with a list of everyday applications of AI, which can be separated into two categories: consumer-focused and enterprise-focused.

Some consumer-focused applications include smart cars, video games, smart homes, and preventing heart attacks.

Examples of enterprise-focused applications are customer service, workflow automation, cybersecurity, and maintenance predictions.

With the increasing advancements in the field of artificial intelligence, we are destined to see more and more practical uses.

Orzota can help!

The Orzota BigForce Docu-AI Solution helps automate document workflows for insurance and finance use cases. It uses sophisticated AI techniques to parse documents (image files, PDFs, etc.), extracting information and key insights while providing instant search and analysis capabilities.

To find out more, please contact info@orzota.com.

Implementing Hadoop Security

Security is an essential part of Hadoop infrastructure in any organization. Let’s look at some of the key or need-to-have components in ensuring that infrastructure is secured from external compromises.

The key aspects of security are authentication, authorization and encryption. We will look at ways to implement all three in the context of Hadoop clusters – be it on the cloud or on-prem.

Network Level Security (Apache Knox):

Apache Knox is used to secure the perimeter of Hadoop clusters for accessing data and executing jobs. Knox can be deployed as a cluster of Knox nodes, which act as a single access point, route requests to the Hadoop REST and HTTP APIs, and provide SSO (single sign-on) for multiple UIs. Knox supports LDAP, Active Directory as well as Kerberos authentication.

The most prevalent and popular way to provide secure authentication to Hadoop clusters is by the use of Kerberos, which requires client-side configuration and packages. Apache Knox eliminates the requirement for such client-side libraries and complex configurations.

We can create different topologies, each specifying the actual hosts and ports of the service components and integrating LDAP/Kerberos authentication.

Example to access HDFS data:

Make directory:
curl -ik -u knox_username -X PUT 'https://knoxhost:8443/gateway/topology_name/webhdfs/v1/user/hdfs/input?op=MKDIRS'

HTTP/1.1 200 OK
Date: Fri, 01 Sep 2017 09:10:41 GMT
Set-Cookie: JSESSIONID=k9klsdy2yyeg1engj31y5djh8;Path=/gateway/test;Secure;HttpOnly
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rememberMe=deleteMe; Path=/gateway/test; Max-Age=0; Expires=Thu, 31-Aug-2017 09:10:41 GMT
Cache-Control: no-cache
Expires: Fri, 01 Sep 2017 09:10:41 GMT
Date: Fri, 01 Sep 2017 09:10:41 GMT
Pragma: no-cache
Expires: Fri, 01 Sep 2017 09:10:41 GMT
Date: Fri, 01 Sep 2017 09:10:41 GMT
Pragma: no-cache
Content-Type: application/json; charset=UTF-8
X-FRAME-OPTIONS: SAMEORIGIN
Server: Jetty(6.1.26.hwx)
Content-Length: 16

The above command creates the input directory under /user/hdfs. The -k option makes curl skip TLS certificate verification; where the gateway's CA certificate is available, pass it with --cacert instead.

Example to access a Hive table using beeline:
beeline> !connect jdbc:hive2://knoxhost:8443/;ssl=true;sslTrustStore=/opt/jdk1.8.0_144/jre/lib/security/cacerts;trustStorePassword=changeit?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/test/hive

Connecting to jdbc:hive2://knoxhost:8443/;ssl=true;sslTrustStore=/opt/jdk1.8.0_144/jre/lib/security/cacerts;trustStorePassword=changeit?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/test/hive

Enter username for jdbc:hive2://knoxhost:8443/;ssl=true;sslTrustStore=/opt/jdk1.8.0_144/jre/lib/security/cacerts;trustStorePassword=changeit?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/test/hive: knox_user

Enter password for jdbc:hive2://knoxhost:8443/;ssl=true;sslTrustStore=/opt/jdk1.8.0_144/jre/lib/security/cacerts;trustStorePassword=changeit?hive.server2.transport.mode=http;hive.server2.thrift.http.path=gateway/test/hive: **********

log4j:WARN No appenders could be found for logger (org.apache.hive.jdbc.Utils).

log4j:WARN Please initialize the log4j system properly.

log4j:WARN See https://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Connected to: Apache Hive (version 1.2.1000.2.6.2.0-205)

Driver: Hive JDBC (version 1.2.1.spark2)

Transaction isolation: TRANSACTION_REPEATABLE_READ

0: jdbc:hive2://knoxhost:8443/> show databases;

+-----------------------+--+
| database_name         |
+-----------------------+--+
| default               |
+-----------------------+--+
1 row selected (4.169 seconds)

0: jdbc:hive2://knoxhost:8443/> create database test;

No rows affected (1.271 seconds)

0: jdbc:hive2://knoxhost:8443/> show databases;

+-----------------------+--+
| database_name         |
+-----------------------+--+
| default               |
| test                  |
+-----------------------+--+
2 rows selected (2.222 seconds)

The Hortonworks Knox tutorial can be accessed here.

Authentication (Kerberos):

The primary purpose of a Hadoop cluster is to store and process large amounts of data, which requires secure handling to prevent unauthorised access. The Kerberos network authentication protocol provides strong authentication for client/server applications. For each operation, the client is required to provide its identity (principal) to the Kerberos server. There are two types of principals – user and service principals.

Another important term in Kerberos is realm. A realm is the authentication and administrative domain, and all principals are assigned to a specific Kerberos realm.

The Key Distribution Centre (KDC) stores and controls all Kerberos principals and realms.

The KDC has three components:

  • Kerberos Database
  • Authentication Server (AS)
  • Ticket Granting Service (TGS)

The Kerberos Database stores and controls all principals and realms. Kerberos principals in the database are identities with the following naming convention:

User@EXAMPLE.COM (User Principal)

Hdfs/node23.example.com@EXAMPLE.COM (Service Principal)

The AS is responsible for issuing a TGT (Ticket Granting Ticket) when a client initiates a request to the AS.

The TGS is responsible for validating TGTs and issuing service tickets. A service ticket allows an authenticated principal to use the services provided by the application server, which is identified by its service principal.

To create a principal, as the root user:

kadmin.local -q "addprinc -pw orzota hdfs-user"

The above command adds a new principal hdfs-user with orzota as its password. Passing the password with -pw leaves it in the shell history and visible in the process list; without -pw, addprinc prompts for the password instead.

To access HDFS data from a kerberized client machine:

$ kinit
Password for hdfs-user@ORZOTAADMIN.COM:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1013
Default principal: hdfs-user@ORZOTAADMINS.COM

Valid starting       Expires              Service principal
09/14/2016 14:54:32  09/15/2016 14:54:32  krbtgt/ORZOTAADMIN.COM:
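
As an added illustration (not part of the original post), the Python code below parses principals in the naming convention described above and audits klist output for a missing or expired TGT before a job is launched. The sample output is constructed with the EXAMPLE.COM realm, the date layout is assumed to match the klist output shown above, and the user/service split is a heuristic based on whether the instance looks like a host name.

```python
import re
from datetime import datetime

# primary[/instance]@REALM, the naming convention used for Kerberos principals
PRINCIPAL_RE = re.compile(
    r"^(?P<primary>[^/@\s]+)(?:/(?P<instance>[^/@\s]+))?@(?P<realm>[^/@\s]+)$")
TICKET_RE = re.compile(
    r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\s+(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\s+(\S+)$")
KLIST_TIME = "%m/%d/%Y %H:%M:%S"  # assumption: same date layout as the klist output above

# Constructed sample in the layout of klist output, using the EXAMPLE.COM realm.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1013
Default principal: hdfs-user@EXAMPLE.COM

Valid starting       Expires              Service principal
09/14/2016 14:54:32  09/15/2016 14:54:32  krbtgt/EXAMPLE.COM@EXAMPLE.COM
"""


def parse_principal(text):
    """Split a principal into primary, instance and realm, and classify it."""
    m = PRINCIPAL_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a Kerberos principal: {text!r}")
    p = m.groupdict()
    if p["primary"] == "krbtgt":
        p["kind"] = "tgt"
    elif p["instance"] and "." in p["instance"]:
        p["kind"] = "service"  # heuristic: the instance looks like a host name
    else:
        p["kind"] = "user"
    return p


def audit_ticket_cache(klist_text, now):
    """Return the problems that would stop this cache from authenticating."""
    default, tgts = None, []
    for line in klist_text.splitlines():
        line = line.strip()
        if line.startswith("Default principal:"):
            default = parse_principal(line.split(":", 1)[1])
            continue
        m = TICKET_RE.match(line)
        if not m:
            continue
        try:
            ticket = parse_principal(m.group(3))
        except ValueError:
            continue  # truncated or malformed ticket entry
        if ticket["kind"] == "tgt":
            tgts.append((ticket, datetime.strptime(m.group(2), KLIST_TIME)))
    if default is None:
        return ["no default principal in ticket cache"]
    realm = default["realm"]
    # The initial TGT is krbtgt/REALM@REALM for the client's own realm.
    home = [exp for t, exp in tgts if t["instance"] == realm and t["realm"] == realm]
    if not home:
        return [f"no TGT for realm {realm}"]
    if max(home) <= now:
        return [f"TGT for realm {realm} expired at {max(home)}"]
    return []


if __name__ == "__main__":
    print(audit_ticket_cache(SAMPLE_KLIST, datetime(2016, 9, 16)))
```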

Authorization (Apache Sentry / Ranger)

In Hadoop infrastructure, Apache Sentry or Ranger can be used to centrally manage security across the various components of a Hadoop cluster. In this blog, we will consider Ranger for authorization.

Ranger is used to authorize users and groups (including users authenticated by Kerberos) to access resources inside the Hadoop ecosystem.

Currently Ranger provides audits and plugins for each of the Hadoop services, which include HDFS, Hive, HBase, YARN, Kafka, Storm, Knox and Solr. Ranger uses Solr to audit the user actions on all supported services.

By using these plugins, a Hadoop administrator can create policies to authorize users to access Hadoop services.

For example, Hive-Ranger-Plugin provides authorization at database, table and column level. By using this we can create specific / role-based policies for each user/group, thereby controlling the kind of queries that can be run on the database / table.

The Hortonworks Ranger tutorial can be accessed here.

Encryption (Ranger KMS):

Ranger Key Management Server (KMS) is built on the Hadoop KMS developed by the Apache community. It extends the native Hadoop KMS functions by letting the Ranger Admins store keys in a secure database.

Ranger provides centralized administration of key management through the Ranger admin UI. Ranger admin provides the ability to create, delete and update keys using its dashboard or REST APIs. Ranger admin also provides the ability to manage access control policies within Ranger KMS. The access policies control permissions to generate or manage keys, adding another layer of security for data encrypted in Hadoop.

HDFS Encryption Example:

In the Ranger KMS UI, create a key named hdfs-encryption.

Add a new policy named key-test and give decrypt permission only to the user bob.

In HDFS:

1. Create the test directory and make bob its owner.

hdfs dfs -mkdir /test

hdfs dfs -chown -R bob:hdfs /test

2. create encryption zone:

[hdfs@ip-172-31-4-145 ~]$ hdfs crypto -createZone -keyName hdfs-encryption -path /test

Added encryption zone /test

[hdfs@ip-172-31-4-145 ~]$ hdfs crypto -listZones

/test hdfs-encryption

3. Verify read and write permission for the user bob. Only bob can access the data in /test.

4. If you try to access the data as some other user, it will throw the following error.

[hdfs@ip-172-31-4-145 ~]$ hdfs dfs -put test1.txt /test/
put: User:alice not allowed to do 'DECRYPT_EEK' on 'hdfs-encryption'
17/08/17 10:51:02 ERROR hdfs.DFSClient: Failed to close inode 17051

org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.hdfs.server.namenode.LeaseExpiredException): No lease on /test/test1.txt._COPYING_ (inode 17051): File does not exist. Holder DFSClient_NONMAPREDUCE_1683412138_1 does not have any open files.
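
To show why the put by alice fails on DECRYPT_EEK, here is an added Python model (not code from the original post or from Hadoop) of the envelope encryption behind an encryption zone: the NameNode asks the KMS for a wrapped per-file key, and the client must have that key unwrapped under its own identity before it can write or read. The class names, the GENERATE_EEK grant for the hdfs user and the HMAC-based toy cipher standing in for AES are assumptions of this example.

```python
import hashlib
import hmac
import os

class AccessDenied(Exception):
    """The KMS policy does not grant the requested key operation."""

def toy_stream_xor(key, nonce, data):
    # Toy keystream (HMAC-SHA256 counter mode) standing in for real AES; XOR twice decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class ToyKMS:
    def __init__(self):
        self.zone_keys = {}  # key name -> zone key bytes, never handed to clients
        self.policy = {}     # key name -> {user: allowed operations}

    def create_key(self, name):
        self.zone_keys[name], self.policy[name] = os.urandom(32), {}

    def grant(self, name, user, *ops):
        self.policy[name].setdefault(user, set()).update(ops)

    def authorize(self, user, op, name):
        if op not in self.policy[name].get(user, set()):
            raise AccessDenied(f"User:{user} not allowed to do '{op}' on '{name}'")

    def generate_eek(self, user, name):
        # Fresh per-file data key (DEK), returned only wrapped by the zone key (EDEK).
        self.authorize(user, "GENERATE_EEK", name)
        nonce = os.urandom(16)
        return nonce, toy_stream_xor(self.zone_keys[name], nonce, os.urandom(32))

    def decrypt_eek(self, user, name, edek):
        self.authorize(user, "DECRYPT_EEK", name)
        nonce, wrapped = edek
        return toy_stream_xor(self.zone_keys[name], nonce, wrapped)

class ToyHDFS:
    def __init__(self, kms, zone_path, key_name, namenode_user="hdfs"):
        self.kms, self.key_name, self.namenode_user = kms, key_name, namenode_user
        self.zone = zone_path.rstrip("/") + "/"
        self.files = {}  # path -> (EDEK, nonce, ciphertext): all that is stored

    def put(self, user, path, data):
        if not path.startswith(self.zone):
            raise ValueError("this model only covers paths inside the encryption zone")
        edek = self.kms.generate_eek(self.namenode_user, self.key_name)  # NameNode step
        dek = self.kms.decrypt_eek(user, self.key_name, edek)  # client step, as the end user
        nonce = os.urandom(16)
        self.files[path] = (edek, nonce, toy_stream_xor(dek, nonce, data))

    def get(self, user, path):
        edek, nonce, ciphertext = self.files[path]
        dek = self.kms.decrypt_eek(user, self.key_name, edek)
        return toy_stream_xor(dek, nonce, ciphertext)

def demo():
    kms = ToyKMS()
    kms.create_key("hdfs-encryption")
    kms.grant("hdfs-encryption", "hdfs", "GENERATE_EEK")  # assumed grant for the NameNode user
    kms.grant("hdfs-encryption", "bob", "DECRYPT_EEK")    # the page's key-test policy
    fs = ToyHDFS(kms, "/test", "hdfs-encryption")
    fs.put("bob", "/test/test1.txt", b"constructed sample record")
    results = {}
    for user in ("bob", "alice", "hdfs"):
        try:
            results[user] = fs.get(user, "/test/test1.txt")
        except AccessDenied as err:
            results[user] = str(err)
    return results
```

Calling demo() returns bob's plaintext and a denial message for both alice and the hdfs user, who can generate wrapped keys but holds no DECRYPT_EEK grant. File ownership and POSIX permissions on /test are not modelled.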

Why Move to the Cloud?

Move to the Cloud – Benefits Of Cloud Computing

NOTE: This is a guest post by Danish Wadhwa

Cloud Computing has changed the way we use software – whether for personal or business use. The process of downloading, installing, configuring and maintaining different types of software, is eliminated with a move to the Cloud, saving businesses time and resources. Cloud has brought us to an era of increased responsiveness and efficiency.

Over the past few years, Cloud Computing has taken over and has become an essential part of our everyday life. Whether it is for updating a status on Facebook or for checking account balances on a smartphone, we use the Cloud. The Cloud is best at handling various processes in an organization. With it, individuals and businesses can plan, strategize and organize tasks within minutes. The Cloud can also keep information safe, while providing access from anywhere at any time.

Here are some of the top reasons for businesses to move to the Cloud:

Flexibility

Cloud-based services are the best for businesses with fluctuating demands. The Cloud’s capacity can be increased or decreased according to specific requirements. Such flexibility gives businesses a real advantage over competitors. This operational ability of Cloud computing is one of the main reasons for moving to the Cloud.

Fast Data Recovery

Cloud keeps data protected, while offering data backup and recovery options in case of an emergency. A Cloud-based backup and recovery solution saves time and avoids large upfront investments as well. Further, by backing up to Cloud Servers in different geographical regions, a robust backup strategy can provide insurance against natural disasters, power outages, etc.

Automatic Software Updates

Cloud Computing servers are usually off-premises and suppliers of cloud computing make sure that all issues are resolved without impacting the end user, who can utilize the services of the Cloud without interruptions. Systems are maintained and kept up-to-date, with regular software updates that are done automatically. This leaves organizations to focus on matters more pertinent to their business, rather than their software and hardware infrastructure.

Increased Collaboration

Cloud Computing simplifies various everyday operations and makes work easier: it provides access to data and the option to edit and share documents with different team members anytime, anywhere. One example is Asana, a cloud version of a project management tool that helps assign tasks to different team members, edit lists and keep track of progress, thus improving collaboration and coordination.

Security

Safety becomes an important issue when you decide to store all your data on the Cloud, and this is where Cloud Computing’s high-end safety measures come into play. Although many enterprises pointed to security concerns as their number one reason for not moving to the cloud, that myth has been debunked. Today, the Cloud can be more secure than a private data center. Your data is encrypted to protect it against any kind of outage or disaster, both while it is in transit and while it rests on the cloud servers. Not only that, customers can also choose to control their encryption keys if they wish to.

Scalability

The “Pay as you Go” service allows you to pay according to your usage, thus helping small startups figure out what they need and expand as they grow. It also provides opportunities to various businesses to commence their ventures, regardless of available capital. Thus, the initial investment may be considerably low, allowing a company to gradually increase usage as it grows. The Cloud gives organizations access to enterprise-class technology, along with an opportunity to learn and understand the market and plan how to beat competition.

For mid-to-large enterprises, this one point can be a huge time and money saver, as on-premise infrastructure can take a lot of time to provision and needs to be planned for well in advance of the need for scale.

Eco-friendly

Apart from all the benefits we have discussed above, the Cloud is eco-friendly too. With the ability to change the server size according to usage, organizations only use the energy required at the moment, without leaving giant carbon footprints.

Why NOT move to the Cloud?

As technology leaders, we are challenged to make decisions that impact the organization’s growth. Our primary goals are to deliver on time and resolve problems efficiently, while staying within budget. The Cloud makes it possible to achieve these goals, with a proper plan and process in place. Moving to the Cloud can be one of those changes that an organization can make. Get the Devops Certification to benchmark your skills in Cloud Computing and understand its benefits.