hi everyone welcome to the course Kafka security so this is the course about Kafka security before me starting with a course material I would like to make a suggestion for the folks who don’t know about Kafka are those who are new to Kafka I would highly recommend you to go through the complete Casca course for beginners tutorial so the one which is you know which you can see on the screen so this course will cover all the basic concept you’ll be able to create your own producer and consumer and you can talk to the Kafka server and you can create your own cluster so it will be useful in all ways so meanwhile if you have any question you can drop me an email as you can you know you can ask in queue a section so I want to give you some background about Kafka security so in the versions older than 0.9 security was achieved by maintaining access at network level which was not a good option when we use the multi-tenant cluster for the large application consequently securing Kafka has been one of the most requested features security is one of the most important dimensions in today’s world where everyone wants to access everyone’s data Kafka community added a number of features that can be used you know to increase Kafka cluster security addressing security threats are crucial in today’s world as it is threatened by the wide variety of cyber attacks so Apache Kasper can become a good choice for an enterprise messaging system so that is the reason that in recent version that is 0.10 they added many features so these features are used individually or you know together so that we can increase the security in the cluster so in the following slides we will see what are the currently supported security measures in Tasker versions 8 or 10 so if you see the first one that is authentication of connections between brokers and clients so if you see the diagram here so if you see the external clients and the internal clients they are trying to talk to a Casca cluster a cluster is nothing but a set up trafficker brokers so in this communication we want to enable the security so this kind of communication is called connections between brokers and clients so this authentication will provide a security in this layer so if you see the next one authentication of connections between brokers and zookeeper suzuki when it comes to Kafka zookeeper is an important component it will store all the metadata so it will store them you know consumer assets and we will we will also talk about what are the recent changes in 0.10 but for now just remember Casca will store all the you know metadata so it is important to you know enable a security or encryption between this layer and the next feature is encryption of data using SSL so as I mentioned it is performance impact bit if you enable SSL definitely your performance e is going to degrade if you use one way authentication it will go bit low if you enable 2bath indication then definitely it will go around 50 percent so so we have encryption between brokers and clients and between the brokers and broker and other tools so when I say between brokers so when you enable you know as you know if you are aware that in Kafka we have partitions and replications so when you enable replication so this tastic broker has to the data has to replicate from one local to another broker so in that situation we want to encrypt the data so this is about the intergroup communication and the next one is authorization of read and write this is nothing but a CL access control list so if you if you use only one topic or if you are the only user using this entire cluster then you are good you don’t need this a CL but if you are a part of you know managed cluster your cluster is being used by many users then it is difficult to maintain because any user can access any topic so they can send the data they can receive the data this is not a good practice so that is that is the reason we have to enable a CA ACL so that we can restrict the access and a particular topic level or host level so we will see everything so before starting I want to introduce you to concepts that is what is authentication and what is authorization so what is the difference so I am going to give you all the details so currently Kafka supports the de listed ports first one is plain text when use plain tix they are not enabling any encryption and we are also not enabling any authentication we just send the message this is the message that’s it simple the next one is SSL when you use SSL so we are internally encrypting the data and also we are using it as authentication but this is limited limited authentication and the next one is SAS cell it is also called as Kerberos authentication so I want to mention this point in this tutorial we are not you know covering the Kerberos part because it is a vast subject I have to introduce you about the Kerberos so this is not you know something which we are covering in this tutorial if you are aware of how to use Kerberos then I will provide you the material so that you can develop this security so accept Kerberos I am going to explain you how to enable encryption security I mean authentication authorization we are going to cover so the last one is you can also use both ssl and SAS fill it means so when you use this both SSL and SASL this SSL is used for encryption purpose SSL is used for you know authentication purpose so okay be enable from the broker side are the tasks aside our cluster side but it is client responsibility to configure correct credentials are the you know correct port then only you will be able to as you you know whatever the you am for so because this you know port using a correct port is the main further you know third communication so we will cover this different how to configure from your client side also so if you have any questions you can drop me an email in directly you can check my profile in there you can send me a message and the next option is you can drop me an email as I mentioned it here and you can post it in QA also so for any comments or if you have anything feel free to reach out to me so see in the next lecture guys thank you

Tags:






Youtube
Facebook
Google Plus
Twitter
TutorialDrive


Apache Zookeeper Tutorial

Apache Kafka Tutorial

Apache Kafka Security

Elasticserarch n Kibana

Java 8 Tutorial

Log4J Tutorial

Apache Storm Tutorial

SQLite Tutorial

Apache Ant Tutorial

Related Posts

blog

Apache Kafka Commands Cheat sheet

Spread the loveKafka Topics List existing topics bin/kafka-topics.sh –zookeeper localhost:2181 –list Purge a topic bin/kafka-topics.sh –zookeeper localhost:2181 –alter –topic mytopic –config retention.ms=1000 … wait a minute … bin/kafka-topics.sh –zookeeper localhost:2181 –alter –topic mytopic –delete-config retention.ms
Read more…

blog

What is Apache Maven | Apache Maven complete tutorial from scratch pdf

Spread the love In this post you will learn the complete tutorial of Apache Maven build tool What is Maven ? Apache Maven is a software project management and comprehension tool. Based on the concept
Read more…

blog

Practical Guide for Web Development in 2018

Spread the loveWelcome to my practical guide  for web development in 2018 in terms of  technology and career. Before we start I just want to  mention a few things, you don’t need to learn  everything that
Read more…