Transwarp Guardian
Big Data Security Management Software
Provide comprehensive security assurance for customers' business logic and data assets
Product Introduction
Transwarp Guardian provides comprehensive security for customers' business logic and data assets from three aspects: user authentication, service resource authorization, and quota management. User authentication uses LDAP, KERBEROS and other protocols to ensure that only authenticated users can access the system, authorization ensures that only users who have been given permissions can access service resources, and quota management controls the resources that users are allowed to use. The three parts together ensure the security of big data platform.
Three Core Features
Unified Identity Authentication Center, Multiple Protocol Support
Multi-authentication mode support: For non-Web big data services, Guardian provides Kerberos authentication mode for TDH big data services. For some services, Guardian also support LDAP, CAS ticket, Guardian Access Token and Guardian Federation Access Token to authenticate access to the API/Domain Mutual Trust Protocol (one-way trust, two-way trust): support cross-domain authentication, allow users in one Realm to be authenticated in another Realm, so they can access the service in another Realm/Single sign-on: for web services, Guardian unified authentication supports OAuth2 and CAS protocols.
Unified Authority Management Center
Unified authority model: Plug-in authority management, support role-based authority control (RBAC) and attribute-based authority control(ABAC)/Authority penetration: Guardian provides authority penetration. For example, it allows users to penetrate the authority of objects in Inceptor's Metastore to the authority of the underlying directories and files corresponding to the objects on TDFS/Provide unified storage, configuration and display functions of authority.
Unified Quota Management
After security is enabled, Guardian supports unified quotas management/Support multi-dimensional resource quota management, including storage quota, cpmputing quota, queue quota, etc.
Seven Core Advantages
Authentication service framework with high-concurrency and high-availability
Support multiple clients, including RESTful + Java + Python/Support high concurrent query and retrieval through Redis cache/State persistence in high-availability database TxSQL/Service layer and business layer ensure high availability through multi-active.
Enhanced RBAC model
Define three objects of user, group and role/Group contains multiple users and subgroups/User and group can contain several roles/Flexible combination to support most business scenarios.
Fine-grained authority control
Refined authority defination can manage and control any object level, such as files, tables, models, etc.
Single sign on
Web unified authentication supports OAuth2 or CAS protocol, which can be switched flexiblely/Multi-tenancy support/Support whitelist of accessible services to ensure cluster security/Support bridging third-party OAuth2 or CAS systems to realize delegated authentication/Support single sign out.
Access Token
Support Access Token authentication/Access Token has a life cycle and is more reliable than Keytab.
Actions audit
All authorization operations can be audited through the log/Support auditing based on Milano/Aquila/Support auditing based on database.
Support Federation (Guardian mutual trust)
User authority integration of multiple clusters/Reduce O&M costs, such as unified management of clusters of different versions.
Application Scenarios
Multi-platform
Guardian provides basic security services for both TDH and TDC platforms.
Multi-component
Guardian supports identity authentication and refined authority management for product components such as Inceptor, Hyperbase, Scope, Slipstream, Event Store, TDFS to prevent unauthorized access.
Multi-tenancy
Guardian Federation is based on OAuth 2.0 protocol and do some extensions to realize the unified authentication system under a multi-tenant model. It makes sure the cluster remains secure within the use of multi-tenancy/user.
Transwarp, Shaping the Future Data World