Securing Hadoop the Easy Way with Teradata SQL-H

Sunday May 11th, 2014

It is well documented that security for Hadoop has its shortcomings. Hadoop can run in either ‘non-secure’ mode in which no authentication is required or ‘secure’ mode in which authentication is required. The problem with secure mode is that this involves setting up Kerberos authentication.

Kerberos is complicated and difficult to setup and finding a resource that has experience of doing this will be difficult – and doing it with hadoop even more so. On top of this, in Hadoop secure mode, Kerberos authentication is an all or nothing affair. If you switch it on then you have to use Kerberos on all your Hadoop users and services.

This presents a real challenge currently for Hadoop and its adoption into the corporate enterprise. Teradata can provide a solution to this problem in the form of Teradata SQL-H.

Teradata SQL-H provides a means to retrieve Hadoop data using SQL to join the data with Teradata database tables in a SELECT query. This enables easy access to Hadoop data for the SQL user. The data is accessed by selecting a table operator called load_from_hcatalog.

An example query might be:


                LineItem, Price, Product

FROM load_from_hcatalog(








                                templeton_port(‘1880’) )

 This simple and effective way of accessing Hadoop data can be wrapped up in a database view and then secured using standard Teradata database authentication and authorisation. Direct access to the Hadoop cluster can be restricted and users can be directed to the Hadoop data via a set of Teradata database views that are secure and easily managed. As well as the security benefits, users can access and analyse the Hadoop data using standard SQL thereby providing Enterprise security and access to your Hadoop data.

Steven Lawton is a Senior Solution Architect for Teradata based in Melbourne where he is responsible for technology & architecture within Teradata across Australia and New Zealand. Connect with Steven Lawton on Linkedin.

Leave a Reply

Your email address will not be published. Required fields are marked *