End to End Policy Enforcement
Alluxio fits within existing frameworks and enforces the security you have in place. User authentication, authorization, access control, and data encryption policies from both applications and storage are applied within Alluxio. Support is provided for multi-tenancy, Active Directory, LDAP, Kerberos, and encryption.
Different supported data stores (e.g. HDFS, MapRFS) and different versions of the same storage can be integrated concurrently with the same Alluxio cluster.
Certified and guaranteed support from both Alluxio and storage vendors.
Certified and guaranteed support from both Alluxio and application vendors.
Manage storage resources with media-aware tiering policies across memory, SSD and HDD within Alluxio.
Fine-grained data locality policies can be configured at the server, rack, and data center level.
Migrate data between any supported data store, regardless of where it originated (e.g. HDFS to S3).
Replicate data to any supported data store regardless of original format to support HA or other operational needs.
Replicate data within an Alluxio cluster with user defined policies. Manage policies dynamically as workloads change.
Configure zones within an Alluxio cluster to isolate resource usage and manage data placement. Partition to support multi-tenancy, AWS Availability Zones, and disaster recovery.
Designed with a memory-first architecture to effectively leverage modern data center hardware.
Transparently cache hot data from connected storage systems and provide memory-speed access.
Write operations are replicated for short term high availability within Alluxio. Writes to persistent storage are asynchronous and maintain consistency even in the event of an outage.
Integrate with and enforce existing enterprise security. User authentication, authorization, access control, and data encryption policies from both applications and storage are applied within Alluxio.
Support multiple users on the system, each with their own identity and privileges.
Fine grained access control at the file level. Individual files can have specific security constraints.
An audit log of data accesses including the time, user, operation, and success/failure.
Integrate with a Kerberos secured under store, provided that Alluxio can act as a superuser.
Integrate with a Kerberos secured under store through delegation and without superuser privileges.
Authenticate users through Kerberos to validate identity.
Integrate with an LDAP based identity management system such as active directory.
Client-side data encryption with a configurable key management service. Data in Alluxio or connected storage is encrypted at rest and when sent over the network.
TLS 1.2 support for communication between all the Alluxio components (client, master, workers, job master and job worker) as well as between Alluxio and the under store.
Master failover through Zookeeper based leader election. Requires Zookeeper deployment.
External storage system for journaling. When running in HA mode, the storage system must be accessible from all master nodes.
Internal master failover and election.
Internally managed, highly available journal with local storage resources.