Policy Enforcement: Security Agents run within the process of NameNode, HiveServer2 and HBase Region Servers. It adds negligible overhead to the existing policy check and enforcement. The Security Agents can handle more than 50 simultaneous requests within less than 1.5 milliseconds.
Recommendation: Limit the number of policies by grouping resources together and also where possible using wild cards or recursive options.
Audits (log uploads to the server) : The Security Agent logs all access logs centrally to RDBMS. When MySQL is installed on a dedicated server with 4 Cores and 16 GB RAM, XASecure can handle up to 6500 logs/second with 375 concurrent requests. XASecure has inbuilt mechanism to log the event asynchronously without affecting the runtime performance of the cluster. If there is a sudden surge of event logs, XASecure will automatically buffer the logs and do deferred writing to database. If the surge of access requests lasts for longer period, then XASecure will throttle itself by discarding excess logs.
Recommendation: For high-end systems, it is recommend that the database is properly tuned for memory caching and disk IO. It is also recommended to appropriately partition the database and archive historical data on regular intervals.
