Thanks! That clarifies the issue... Can you share what NFLabs is doing in open source?
Eran

On Sun, Jun 28, 2015 at 10:10 PM moon soo Lee <m...@apache.org> wrote:
> Hi,
>
> Here's something I know about multi-tenancy for Zeppelin.
>
> A. Reverse Proxy + Zeppelin on docker.
>
> Set up a reverse proxy that does authentication and redirects the user to
> the proper Zeppelin instance running on a docker container.
> I saw many companies are already using Zeppelin in this way.
>
> My company (NFLabs) also uses this way for one of its internal clusters. And
> we are now preparing to open source the tools that help set up and use this
> type of environment.
>
> As far as I know, NFLabs has no plan to make a commercial package of
> Zeppelin which has more features (such as security enabled zeppelin) than
> the Apache version. One commercial service NFLabs is doing is a
> collaboration/sharing service for Zeppelin notebooks with access control
> (like github for git).
>
>
> B. Shiro security. PullRequest-53
>
> Which enables dedicated notebook space for each user.
> I like the approach and it really makes sense.
>
> There are a couple of issues I can think of.
> - compiler context is shared among users
> - user can still read other users' notebooks directly from filesystem
> - user is not distinguished in interpreter level.
> - restarting Zeppelin is required for many cases. That'll impact all
> connected users.
>
> Therefore, it can be used for basic authentication, but needs more work for
> a multi-tenant environment.
>
> So, I'd like to say, A is more like what's possible now, B is more like
> future work.
>
> Thanks,
> moon
>
>
> On Sun, Jun 28, 2015 at 3:09 AM Eric Charles <e...@apache.org> wrote:
>
>> There is also https://github.com/apache/incubator-zeppelin/pull/53
>> which proposes to add shiro security (user authentication on the web part).
>> This does not address what Ophir mentions (separated environment for e.g.
>> spark interpreters to avoid variables shared across simultaneous
>> authenticated users).
>>
>> My company (Datalayer) has also developed a multiuser extension to
>> Zeppelin that addresses both web and interpreter user environment
>> separation.
>>
>> To achieve this, we had to change the interpreter API to propagate the
>> authenticated user to the interpreters.
>>
>> On 2015-06-28 11:54, IT CTO wrote:
>>
>> Thanks Ophir!
>> That means that I have to wrap zeppelin with my own site which launches a
>> zeppelin server on behalf of every requesting user. This is an option but I
>> want to avoid it.
>> Pls share whatever you come across during this journey
>> Eran
>>
>> On Sun, Jun 28, 2015 at 12:09 PM Ophir Cohen <oph...@gmail.com> wrote:
>>
>>> Actually it's a bit more than that:
>>> Even the variables are shared across notebooks!
>>>
>>> I think that NFLabs has a commercial version that supports groups and
>>> users.
>>> In my organisation we are looking at a few solutions for that.
>>> One of them is using different instances - maybe even on the same
>>> machine.
>>> I'm going to test it soon - but you are right, currently it's a
>>> problem.
>>>
>>> BTW
>>> Running different Zeppelin instances isn't such a bad idea as you get
>>> the efficiency from the yarn resource manager that can be the same cluster
>>> (assuming you are using yarn)
>>>
>>> On Sun, Jun 28, 2015 at 10:00 AM, IT CTO <goi....@gmail.com> wrote:
>>>
>>>> Hi,
>>>> we are in the process of testing Zeppelin as our investigation platform
>>>> inside the organization.
>>>> One of the first questions raised was with regard to multi user
>>>> environment - currently, as I see it, all users run against the same
>>>> zeppelin server and have access and availability to all notebooks.
>>>>
>>>> What do other people do with regard to that?
>>>> Does the road-map have a multi-tenant solution for zeppelin? security?
>>>>
>>>> Eran
>>>>
>>>
>>>
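
The routing step of approach A in moon soo Lee's message (an authenticating reverse proxy that sends each user to their own Zeppelin container), as an added example that is not part of the thread or of any project mentioned in it. The user names, container addresses, the `x-forwarded-user` header name and the `route` helper are assumptions made for illustration.

```python
# Added example: per-user routing decision for an authenticating reverse proxy
# in front of one Zeppelin container per user (approach A in the thread).
# Assumptions: registry contents, header name and function names are constructed.

# Constructed registry: one dedicated Zeppelin instance per user.
INSTANCES = {
    "alice": "http://172.18.0.11:8080",
    "bob": "http://172.18.0.12:8080",
}

IDENTITY_HEADER = "x-forwarded-user"  # hypothetical header set by the proxy


class RoutingError(Exception):
    """Raised when a request must not be forwarded to any instance."""


def route(authenticated_user, client_headers, instances=INSTANCES):
    """Return (upstream_url, headers_to_forward) for one request.

    authenticated_user is the identity established by the proxy's own
    login step, or None when the request is unauthenticated.
    """
    if not authenticated_user:
        raise RoutingError("unauthenticated request")

    upstream = instances.get(authenticated_user)
    if upstream is None:
        # No shared fallback instance: falling back would recreate the
        # situation in the thread where all users reach all notebooks.
        raise RoutingError("no instance for user %r" % authenticated_user)

    # Drop any identity header supplied by the client, so the value the
    # backend sees is always the one the proxy authenticated.
    forwarded = {
        name: value
        for name, value in client_headers.items()
        if name.lower() != IDENTITY_HEADER
    }
    forwarded[IDENTITY_HEADER] = authenticated_user
    return upstream, forwarded


if __name__ == "__main__":
    # Constructed request: client tries to claim another user's identity.
    print(route("alice", {"X-Forwarded-User": "bob", "Accept": "text/html"}))
```

Separate containers address the filesystem and restart issues listed under B only if each container also has its own notebook storage; that part is outside this sketch.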