Securing Starburst Enterprise

Presenters: Dain Sundstrom and Manfred Moser
Video date: 26 August 2020
Running time: 2h 7m

This training session is geared towards helping Starburst Enterprise platform (SEP) users securely deploy SEP at scale. We cover how to secure SEP as well as access to your underlying data. Delivered by Dain Sundstrom, this session covers the following topics:

• Authentication, including password & LDAP Authentication
• Authorization to access your data sources
• Encryption including client-to-coordinator communication
• Secure communication in the cluster
• Secrets usage for configuration files including catalogs

Detailed topics with timestamps

Clicking the timestamp links below will take you to YouTube, or you can scrub to that timestamp in the video player above.

• Welcome - 0:00
• Tips and Notes - 5:06
  • Process for securing SEP - 7:34
  • What to secure - 11:02
  • Verify HTTP with the Web UI - 13:23
  • Verify HTTP with the CLI - 14:48
    • CLI failures - 15:14
  • Client to Server Encryption - 15:44
    • Approaches for HTTPS - 15:58
    • HTTPS proxy or load balancer - 17:33
    • Add the SSL/TLS certificate to the coordinator - 20:28
      • Inspect the PEM file - 22:40
      • Verify the PEM file certificate - 23:45
      • Verify the PEM private key - 26:08
      • Verify the JKS file - 26:38
      • Configure SEP - 27:59
    • Verify HTTPS with the Web UI - 28:51
    • Verify HTTPS with the CLI - 29:36
      • CLI failures - 29:46
      • CLI –insecure - 33:23
  • Authentication - 34:57
    • Password file authentication - 36:08
    • LDAP Authentication - 41:19
    • Kerberos Authentication - 50:24
    • Client certificate authentication - 53:53
    • JSON Web Token authentication - 55:03
    • Multiple authenticators - 56:01
    • User mapping - 58:14
  • Authorization - 1:00:08
    • File-based system access control - 1:02:54
  • Client to server summary - 1:07:23
  • Internal security and connector security - 1:18:14
    • Securing the cluster itself - 1:18:30
    • Shared secret - 1:20:29
  • Internal HTTPS - 1:23:58
  • Secrets Management - 1:27:53
  • Management Endpoints - 1:30:23
  • Hive Catalog Security - 1:33:29
    • Hive Catalog Authorization - 1:34:45
    • Hive Metastore Authentication - 1:38:08
    • HDFS Authentication - 1:42:24
    • Hive Kerberos Debugging - 1:43:31
    • S3 Authentication - 1:45:53
    • Google Cloud Authentication - 1:49:31