Announcing Data Artisans Platform 1.2 with major new Enterprise Security features

September 05, 2018 | by Robert Metzger

Today, data Artisans is announcing the availability of data Artisans Platform 1.2, with major new Enterprise Security features.
Alongside this new release, data Artisans is also announcing the availability of a new edition of data Artisans Platform, named "River Edition", which includes Streaming Ledger, a new library for streaming ACID transactions.

We will list the new features below:

  • Single Sign-on Authentication with OpenID Connect

With support for single sign-on (SSO) systems, data Artisans platform integrates well with existing user and group-based access control systems. Customers can connect the platform with their existing systems, making administration easy, as there is no need to maintain a separate user and group database for dA Platform. In addition, password entry (or other authentication mechanisms) happens on trusted and controlled sites outside of data Artisans Platform.
Single sign-on is implemented through OpenID Connect. Common OpenID Connect providers include Google Cloud, Microsoft Azure Active Directory, Okta, Keycloakor Dex. Through Dex, further identity providers such as LDAP or SAML 2.0 are available for the platform.

 

  • API Tokens for Machine to Machine Authentication

data Artisans Platform now allows customers to create API tokens for services to authenticate. Single Sign-on is mostly useful for human users to authenticate when accessing the user interface. For any script or system (such as a workflow manager, Jenkins, etc.) SSO flows are difficult to implement, or not available at all.
Therefore, dA Platform allows customers to create API tokens for such systems. API tokens are revokable at any time and permissions for API tokens can be restricted similarly to regular users.

 

  • Role-based Access Control

This new feature allows restricting access to API resources by defining roles and binding them to users, groups, or API tokens. Permissions are granted based on API resources (such as deployments or jobs) and verbs (such as post or delete).

 

  • Multi-Tenancy through Namespaces

Namespaces now offer the ability to control visibility and access of API resources. This effectively introduces multi-tenancy into dA Platform, allowing multiple teams to share a dA Platform setup, with strict separation of their resources.

 

  • Secret Values

data Artisans Platform 1.2 introduces a new API object called Secret Value. A secret value allows customers to manage passwords, authentication tokens, or secret configuration parameters. In particular, this allows for separating knowledge of a secret from the usage of a secret.
A common use-case for this feature are S3 access keys: Usually, only a small group of people is allowed to see the access keys, however, many people need to use them for configuring their systems. With secret values in data Artisans Platform and support for role-based access control, you can restrict permissions for creating and seeing secret values to a special group, and allow the use of the values to other (bigger) groups.

 

  • User Interface Improvements: Visualization of Flink Streaming Applications with metrics, YAML view of Deployments

We are continuously improving the web-based user interface of data Artisans Platform to give customers visual insights into their deployments. With this release, we've added a new tab to the Deployment view to see the job graph of the Flink application, with input and output metrics. In addition, we've added a view for seeing and editing the YAML representation of a Deployment directly in the user interface.
The "Savepoints" tab in the Deployment view now better displays the savepoint that will be used for the next restore operation.

 

  • Miscellaneous: Support for Apache Flink 1.6, greater logging flexibility and bugfixes

We've ironed out a lot of usability and productivity issues, and included support for the latest major Apache Flink release, version 1.6. The jar URL of a deployment now supports https://username:password@example.com as URLs, we are now exporting deployment and job-ids as environment variables to the log4j2.xml file and you can forward environment variables to Kubernetes deployments.

 

Next steps

  • You can check out the updated trial VM and Docker images on our download page and play around with the latest version of dA Platform.

  • The updated documentation for this version contains changelog with more details.

  • If you are already using Application Manager and working with the data Artisans repository, you have to simply update the image reference to v1.2/appmanager:1.2.0

We are eager to hear your feedback about this new version and happy to answer any questions you have. You can reach us at platform@data-artisans.com.

Topics: Ververica Platform

Robert Metzger
Article by:

Robert Metzger

Find me on:

Related articles

Comments

Sign up for Monthly Blog Notifications

Please send me updates about products and services of Ververica via my e-mail address. Ververica will process my personal data in accordance with the Ververica Privacy Policy.

Our Latest Blogs

by Jun Qin March 29, 2021

The Impact of Disks on RocksDB State Backend in Flink: A Case Study

As covered in a recent blog post, RocksDB is a state backend in Flink that allows a job to have state larger than the amount of available memory as the state backend can spill state to local disk....

Read More
by Konstantin Knauf March 10, 2021

Announcing Ververica Platform 2.4

Newest release adds full support for Flink SQL and Flink 1.12, and improves resource utilization via new shared session clusters.

Read More
by Dirko Hay March 09, 2021

Introducing StreamBurst as a Ververica Partner in South Africa

We are delighted to collaborate with Ververica and the original creators of Apache Flink to support our clients in South Africa with cutting edge real time streaming capabilities. 

Read More