White Paper

BlueData Software Architecture

BlueData EPIC™ version 3.2

The BlueData EPIC software platform

introduces patent-pending innovations that
leverage Docker container technology to
deliver the agility and efficiency benefits of
Big-Data-as-a-Service (BDaaS) either on-
premises, in the public cloud, or in a hybrid
environment.

www.bluedata.com
 Table of Contents
1. BlueData EPIC 1
Key Features and Benefits 1
App Store 2
2. BlueData EPIC Architecture 3
Software Components 3
3. Tenants 5
Users and Roles 6
User Authentication 7
4. Virtual Compute and Memory 9
Virtual Cores and RAM 9
Virtual Node Flavors 10
5. Storage 12
About DataTaps 12
On-Premises Tenant Storage 13
Node Storage 13
Application Path Inputs 13
6. Networking 14
Networks and Subnets 14
Gateway Hosts 17
7. Cluster Management 19
Cluster Creation 19
Isolated Mode 19
Host Tags 21
High Availability 22
Platform High Availability 22
Virtual Cluster High Availability 23
Gateway Host High Availability 23
Appendix 24
Definitions 24
Hadoop and Spark Support 25

White Paper: BlueData Software Architecture

www.bluedata.com
1. BlueData EPIC
The BlueData Elastic Private Instant Clusters platform (referred
to as “EPIC” throughout this white paper) allows users to provide
Big-Data-as-a-Service either on-premises, in the public cloud, or
in a hybrid environment. This white paper provides an in-depth
overview of the main components and architecture for version
3.2 of the BlueData EPIC software platform.
Virtualization and container technologies have already introduced
flexibility, agility, and reduced costs to most applications in the
enterprise data center. BlueData EPIC uses Docker containers to
extend these benefits to Big Data by allowing enterprises to
create, modify, and remove virtual clusters on demand without
sacrificing performance.
With the BlueData EPIC software platform, enterprises can
simultaneously run hundreds of Big Data workloads with
automated policy-based scheduling and self-provisioning.
Distributed applications are efficient and elastic, thanks to EPIC’s
proprietary application-sensitive caching, data path, network
optimization, and policy-based automation and management. IT
administrators use a single interface to monitor Hadoop or Spark
clusters, jobs, and infrastructure status. EPIC also automates
routine tasks such as provisioning, updates, and monitoring.
BlueData EPIC dramatically reduces Big Data deployment
complexity while improving business agility by providing an elastic
self-service infrastructure that reduces the time-to-value from
months to days, and at the same time reducing overall costs by
50%-75% compared to traditional, non-virtualized Hadoop and
Spark deployments. Users create virtual clusters on demand and
execute jobs without ever having to worry about the underlying
infrastructure.
Key Features and Benefits
The key features and benefits of BlueData EPIC include:
• Integrated platform for Big Data analytics and data
science: EPIC is an infrastructure platform purpose-built for
Big Data, with enterprise-grade security, networking, and
support for a variety of local and remote storage options.
• Runs on-premises and/or on Amazon Web Services
(AWS): EPIC can be deployed on-premises, on AWS, or in a
hybrid environment that includes both AWS and on-premises
resources.
Note: BlueData EPIC is not yet generally available for Microsoft Azure
and Google Cloud Platform. Please inquire about early access by
visiting www.bluedata.com/multi-cloud.
www.bluedata.com
• Create virtual clusters: EPIC duplicates the functionality of
physical clusters while adding flexibility and scalability at
reduced cost. For example, each virtual cluster can run a
different Hadoop or Spark distribution. You may create,
modify, re-prioritize, and remove virtual clusters on demand
to respond to ever-changing needs within individual business
units/departments. EPIC reduces time-to-value from months
to hours.
• Multi-tenancy and enterprise-grade security model: EPIC
integrates with enterprise LDAP and Active Directory
authentication systems. Administrators can then create
groupings of users and resources that restrict access to jobs,
data, or clusters based on departments and/or roles. The
result is an integrated, secure, multi-tenant infrastructure.
• Self-service portal: EPIC includes a self-service web portal
that allows users to create and manage clusters, create and
manage nodes, run Big Data jobs, and view monitoring
statistics. User visibility and available functionality vary based
on each user's role and tenant, in accordance with existing
security policies. For example, department administrators can
use the portal to provision nodes/clusters to run their own
Big Data applications without impacting nodes/clusters that
are assigned to different departments and without having to
manage the physical infrastructure.
• RESTful API: EPIC supports a RESTful API that surfaces
programmable access to the same capabilities as the self-
service portal.
• Superior performance: EPIC provides I/O optimization to
deliver high performance for Big Data applications, without
the penalties commonly associated with virtualization or
containerization. The CPU cores and RAM in each host are
pooled and then partitioned into virtual resource groups
based on tenants. When using AWS, EPIC runs on a curated
set of Amazon EC2 instance flavors that allows you to get
just the right amount of computing power needed to run jobs.
You only pay for the number and type(s) of EC2 instances
required at any given time, while ensuring high performance.
• Works with existing infrastructure: EPIC leverages your
data center investments by allowing your enterprise to
repurpose its existing infrastructure to run Big Data
deployments. EPIC supports your physical or virtualized
infrastructure, including commodity x86 servers and virtual
machines, as well as AWS. Existing storage protocols are
also supported (HDFS, HDFS with Kerberos, and NFS).
White Paper: BlueData Software Architecture
Page 1
• Reduced IT overhead: EPIC streamlines operations and
reduces IT costs by automating provisioning, unifying
management, and supporting push-button upgrades.
• Increases utilization while lowering costs: EPIC delivers
hardware and operational cost savings while simultaneously
eliminating the complexity of managing multiple physical
clusters. When running on AWS, EPIC allows clusters to be
turned on and off at will, meaning that you only pay for the
AWS instances that you need when you need them.
• High Availability: EPIC supports three levels of High
Availability to provide redundancy and protection, as
described in “High Availability” on page 22.
• Compute and storage separation for Big Data: EPIC
decouples analytical processing from data storage, giving you
the ability to independently scale compute and storage
instantly on an as-needed basis. This enables more effective
utilization of infrastructure resource and reduces overall
costs.
• In-place access to on-premises enterprise storage and
Amazon S3: EPIC allows you to access and run Big Data jobs
directly against both existing enterprise-class storage
systems and S3 in the AWS cloud. The separation of compute
and storage provided by EPIC means that you don’t need to
move or duplicate data before running analytics.
App Store
The BlueData EPIC platform includes an App Store with one-click
deployment for common Big Data applications, such as:
• Open-source Apache Hadoop distributions from Cloudera,
Hortonworks, and MapR.
• Open-source Apache Spark with support for standalone
resource manager and YARN.
• Open-source Apache Kafka messaging system.
• Open-source Cassandra NoSQL database from Datastax.
• Integration with JupyterHub, RStudio Server, and Zeppelin
notebooks, as well as software applications such as AtScale,
Datameer, H2O, Splunk, and others.
The App Store contains Docker container images of each
available product, allowing fully automated self-service
deployment. Each image in the App Store provides a particular
version, is pre-configured, and ready-to-run on the EPIC platform.
EPIC also supports a “bring your own app” model that allows
users to quickly add images for any Big Data application or data
processing platform to the App Store.
www.bluedata.com
The App Store contains three classes of images:
• Major Hadoop, Spark, and other Big Data products
provided out-of-the-box by BlueData. These images contain
open-source bits of major distributions that are both
unmodified and supported by the distribution vendors.
• ETL, business intelligence, and data science tools
supported out-of-the-box by BlueData. These include
images for open-source web-based notebooks as well as
commercial Big Data analytics tools. The images for
commercial applications have been validated by BlueData and
are available in the App Store via partnerships with these
companies.
• Custom distributions and applications added specifically by
individual customers. BlueData provides an Application
Workbench that allows customers to create and add their own
images to the App Store. Users can then deploy these images
and use them in a similar way as any of the out-of-the-box
images described above.
Note: App Store images are independent of BlueData EPIC software.
Any distribution or application can be added or removed from your
EPIC platform to suit your specific needs.
The Platform Administrator may install or uninstall images.
Installed images are available for use by Tenant Members when
creating jobs and clusters.
BlueData and/or application vendors may provide new images or
new versions of existing images. If the EPIC Controller host can
access the internet and a new version becomes available for an
image that is currently installed, the image will be marked in the
App Store with an Upgrade Available banner, and its tile will
provide a button for upgrading to the new version. Other new
images or new versions of currently uninstalled images will
display a New banner.
See “Hadoop and Spark Support” on page 25 for examples of
supported Big Data application services and Hadoop/Spark
ecosystem products.
White Paper: BlueData Software Architecture
Page 2
2. BlueData EPIC Architecture
This section describes the BlueData EPIC architecture, user
hierarchy, DataTaps, and other important EPIC concepts.
Software Components
BlueData EPIC is an enterprise-grade software platform that
forms a layer between the underlying infrastructure and Big Data
applications, transforming that infrastructure into an agile and
flexible platform for virtual clusters running on Docker containers.
Figure 1: BlueData EPIC software architecture (below)
EPIC consists of three key capabilities:
• ElasticPlane™ is a self-service web portal interface that spins
up virtual Hadoop or Spark clusters on demand in a secure,
multi-tenant environment.
• IOBoost™ provides application-aware data caching and tiering
to ensure high performance for virtual clusters running Big
Data workloads.
• DataTap™ accelerates time-to-value for Big Data by allowing
in-place access to any storage environment, thereby
eliminating time-consuming data movement.

9
11
Tenant Administrators Data Scientists Developers Data Engineers Data Analysts

TM
BlueData EPIC Platform 8
10

BI/Analytics Tools Bring-Your-Own

ElasticPlane™– Self-service, multi-tenant clusters

7 IOBoost™– Extreme performance and scalability
DataTap™– In-place access to data on-prem or in the cloud

4 5
Compute 6 6 EC2
5
Platform Administrator
1 2 3
2 3
Storage NFS HDFS S3

On-Premises Public Cloud

The high-level EPIC architecture is as follows (numbers
correspond to the callouts in Figure 1, above):
• Data Source (1): This is where EPIC reads and writes
persistent job data required by the tenants and virtual
clusters. A data source is typically a DataTap: a shortcut
within EPIC that points to existing remote data storage
locations on your network. A special instance of DataTap,
constructed from storage local to the EPIC hosts, is known as
tenant storage. The use of DataTaps reduces or even
eliminates the need to copy large volumes of data to and from
the virtual clusters before and after running jobs, thus saving
time and reducing network traffic. Please see “About
DataTaps” on page 12 for more about how EPIC handles data
storage.
• Cluster file system (2): This is where EPIC reads and writes
temporary data that is generated while running jobs. The
cluster file system is built within the virtual cluster, on
storage taken from the node storage space of the underlying
EPIC host (on-premises) and/or an Amazon S3 bucket (on
AWS).

White Paper: BlueData Software Architecture

www.bluedata.com Page 3
• Unique file directories for each tenant (3): EPIC
automatically creates a sandboxed shared-storage area for
each tenant within the tenant storage space of the EPIC
platform, whether on-premises or on AWS in S3. This per-
tenant storage can be used to isolate data that should be
accessible by only one tenant. Optionally, it can also be used
to enforce a quota on the tenant's use of that space.
• Platform Administrator (4): One or more Platform
Administrator(s) handle overall EPIC administration, including
managing hosts and creating tenants.
• Controller host (5): The Controller host is the host where
you initially install EPIC. This host controls the rest of the
hosts in the EPIC platform.
- If you are installing EPIC 3.2 on-premises, then the
Controller host will be located on your own
infrastructure (on a physical server or virtual machine).
In this case, EPIC runs on either the Red Hat Enterprise
Linux or CentOS operating system, version 6.8
(minimum), version 7.3, or version 7.4 (recommended).
You must have the operating system installed on all of
the nodes that you will be using for EPIC before
beginning the installation process.
- If you are installing EPIC on AWS, then the Controller
host will be located on an Amazon EC2 instance.
• Worker hosts (6): Worker hosts are under the direct control
of the Controller host. EPIC dynamically allocates the
resources on these hosts to the virtual clusters and jobs
within each tenant as needed, based on user settings and
resource availability. This dynamic resource allocation means
that EPIC achieves a much higher host utilization rate than
traditional Hadoop and Spark deployments. If you have EPIC
installed on-premises with High Availability enabled, then two
of these Worker hosts will have additional roles, as described
in “High Availability” on page 22.
- If you are installing EPIC on-premises, then the Worker
host(s) will be located either on your infrastructure
(physical server or virtual machine) or on Amazon EC2
instances (for a hybrid deployment). Each Worker host
that is located on your infrastructure can manage
multiple containers/virtual nodes. For example, a cluster
that consists of four nodes could potentially be located on
a single Worker host. Worker hosts that are located on
Amazon EC2 instances can support a single virtual node
per host, as described below.
- If you are installing EPIC on AWS, then the Worker
host(s) will be located on Amazon EC2 instances, where
each instance will appear as a virtual node in EPIC. In
www.bluedata.com
this case, there is no distinction between a “Worker host”
and a “virtual node.” In this example, a cluster that
consists of four nodes will be located on four EC2
instances.
• EPIC Platform (7): The EPIC platform consists of the EPIC
services that are installed on each of the hosts. EPIC handles
all of the back-end virtual cluster management for you,
thereby eliminating the need for complex, time-consuming IT
support. Platform and Tenant Administrator users can
perform all of these tasks in moments using the EPIC web
portal.
• Role-based security (8): EPIC includes three user roles
(Platform Administrator, Tenant Administrator, and Member)
that allow you to control who can see certain data and
perform specific functions. Roles are granted on a per-tenant
basis, meaning that you can either restrict users to a single
tenant or grant access to multiple tenants. Each user may
have at most one role per tenant.
• Tenant Administrators (9): A Tenant Administrator
manages the resources assigned to that tenant. Each tenant
must have at least one user with the Tenant Administrator
role.
• Clusters (10): Clusters can be created to run a wide variety
of Big Data applications, services, and jobs.
• Tenants (11): Tenants allow you to restrict EPIC access as
needed, such as by department. Each tenant has its own
unique sets of authorized users, DataTaps, applications, and
virtual clusters that are never shared with any other tenant.
Users with access to one tenant cannot access or modify any
aspect of another tenant unless they have also been assigned
a role (Tenant Administrator or Member) on that tenant.
White Paper: BlueData Software Architecture
Page 4
3. Tenants
Tenants are created by the Platform Administrator after installing
BlueData EPIC. The infrastructure resources (e.g. CPU, memory,
storage) available on the BlueData EPIC platform are split among
the tenants on the platform. Each tenant can be configured as
either using on-premises resources or AWS resources. Each
tenant is allocated a set of resources and restricts access to a set
of data to only those users authorized to access the tenant.
Resources used by one tenant cannot be used by another tenant.
All users who are members of a tenant can access the resources
and data objects available to that tenant.
You will need to decide how to create tenants to best suit your
organizational needs, such as by:
• Office location: If your organization has multiple office
locations, you could choose to create one or more tenants per
location. For example, you could create a tenant for the San
Francisco office and one for the New York office. EPIC does
not take location into account; this is just an example of how
you could use a tenant.
• Department: You could choose to create one or more tenants
for each department, For example, you could create one
tenant each for the Manufacturing, Marketing, Research &
Development, and Sales departments.
• Use cases, application lifecycle, or tools: Different use
cases for Big Data analytics and data science may have
different image/resource requirements.
• Combination: You could choose to create one tenant by
department for each location. For example, you could create
a tenant for the Marketing department in San Francisco and
another tenant for the Marketing department in New York.
Some of the factors to consider when planning how to create
tenants may include:
• Structure of your organization: This may include such
considerations as the department(s), team(s), and/or
function(s) that need to be able to run jobs.
• Location of data: If the data to be accessed by the tenant
resides in Amazon S3 storage on AWS, then the tenant
should be configured to use Amazon EC2 compute
resources. If the data to be accessed by the tenant resides
on-premises, then the tenant can be configured to use either
on-premises or Amazon EC2 compute resources.
• Use cases/tool requirements: Different use cases for Big
Data analytics and data science may have different image/
resource requirements.
www.bluedata.com
• Seasonal needs: Some parts of your organization may have
varying needs depending on the time of year. For example,
your Accounting department may need to run jobs between
January 1 and April 15 each year but have little to no needs at
other times of the year.
• Amount and location(s) of hosts: The number and
location(s) of the hosts that you will use to deploy an EPIC
platform may also be a factor. If your hosts are physically
distant from the users who need to run jobs, then network
bandwidth may become an important factor as well.
• Personnel who need EPIC access: The locations, titles, and
job functions of the people who will need to be able to access
EPIC at any level (Platform Administrator, Tenant
Administrator, or Member) may influence how you plan and
create tenants.
• IT policies: Your organization’s IT policies may play a role in
determining how you create tenants and who may access
them.
• Regulatory needs: If your organization deals with regulated
products or services (such as pharmaceuticals or financial
products), then you may need to create additional tenants to
safeguard regulated data and keep it separate from non-
regulated data.
These are just a few of the possible criteria you must evaluate
when planning how to create tenants. EPIC has the power and
flexibility to support the tenants you create regardless of the
schema you use. You may create, edit, and delete tenants at any
time. However, careful planning for how you will use your EPIC
platform that includes the specific tenant(s) your organization will
need now and in the future will help you better plan your entire
EPIC installation from the number and type of hosts to the tenants
you create once EPIC is installed on those nodes.
White Paper: BlueData Software Architecture
Page 5
Users and Roles PERMISSION PA TA M
A user consists of the following components: View a tenant X X
• Login credentials (username and password) Create a tenant X
• Role Edit a tenant X
Some of the user-related things you must consider when planning Delete a tenant X
and maintaining your EPIC installation include:
Add an EPIC user X
• Tenants: The number of tenants and the function(s) each
Remove an EPIC user X
tenant performs will determine how many Tenant
Administrator users you will need and, by extension, the Grant a user platform role X
number of Member users you will need for each tenant. The Revoke a user platform role X
reverse is also true, because the number and functions of Grant a user tenant role X X
users needing to run jobs can influence how you create Revoke a user tenant role X X
tenants. For example, different levels of confidentiality might
View detailed host information X
require separate tenants.
Manage user authentication X
• Job functions: The specific work performed by each user
will directly impact the EPIC role they receive. For example, a View job information X X X
small organization may designate a single user as the Tenant Enter/exit Lockdown mode X
Administrator for multiple tenants, while a large organization Add a job X X
may designate multiple Tenant Administrators per tenant.
Delete a job X X
• Security clearances: You may need to restrict access to
View virtual cluster information X X X
information based on each user’s security clearance. This
can impact both the tenant(s) a user has access to and the Add a virtual cluster (no constraints) X X
role that user has within the tenant(s). Add a virtual cluster w/constraints X X
Each user may have a maximum of one role per tenant. For Access a cluster in Isolated Mode* X X
example, if your EPIC installation consists of 20 tenants, then Edit a virtual cluster X X
each user may have up to 20 separate roles. A user with more
Delete a virtual cluster X X
than one role may be a Member of some tenants and a Tenant
Administrator of other tenants. Create, edit, delete cluster templates X X

Figure 10 lists the specific functions that can be performed within Run ActionScripts in a cluster X X
EPIC and the role(s) that can perform each of those actions. In View detailed DataTap information X X
this table: Add a DataTap X
• Permission stands for the right to perform a given action. Edit a DataTap X
Users with specific roles receive specific permissions within Remove a DataTap X
EPIC.
View summary DataTap information X X
• PA stands for the Platform Administrator role.
View virtual node information X X
• TA stands for the Tenant Administrator role.
Manage EPIC platform configuration X
• M stands for the Member (non-administrative) role.
Create, edit, delete flavor definitions X
• An X in a column means that a user with the indicated role
Install/uninstall/upgrade X
can perform the indicated action.
App Store images
• A blank entry means that a user with the indicated role
Add and manage EPIC Worker hosts X
cannot perform the indicated action.
View global usage/health/metrics X
View tenant resource usage X X
Figure 10: EPIC permissions by platform/tenant role (right)
*The ability to access isolated clusters depends on the tenant Cluster
Superuser Privilege setting.

White Paper: BlueData Software Architecture

www.bluedata.com Page 6
User Authentication
Each user has a unique username and password that they must
provide in order to login to BlueData EPIC. Authentication is the
process by which EPIC matches the user-supplied username and
password against the list of authorized users and determines both
- whether to grant access (stored either in the local user
database server or in the remote LDAP/Active Directory
server), and
- what exact access to allow, in terms of the specific
role(s) granted to that user (stored on the EPIC
Controller node).
User authentication information is stored on a secure server.
EPIC can authenticate users using any of the following methods:
• Internal user database.
• Your existing LDAP or Active Directory server that you can
connect to using Direct Bind or Search Bind.
Accessing EPIC (Non-SSO)
The non-SSO user authentication process is identical when using
either the internal EPIC user database or an external LDAP/AD
server:
1. A user accesses the EPIC Login screen using a Web browser
pointed to the IP address of the Controller host.
2. The user enters her or his username and password in the
appropriate fields and attempts to login.
3. EPIC passes the user-supplied username and password to
the authentication server.
4. The authentication server returns a response that indicates
either a valid (allow user to login) or invalid (prevent user
from logging in) login attempt.
5. If the login attempt is valid, EPIC will match the user with the
role(s) granted to that user and allow the proper access.
Using the internal user database included with EPIC is fast and
convenient from an IT perspective. However, it may complicate
user administration for various reasons, such as:
• The user may be required to change their password on the
rest of the network but this change will not be reflected in
EPIC.
• A user who is removed from the network (such as when they
leave the organization) must be removed from EPIC
separately.
Connecting EPIC to your existing user authentication server
requires you to supply some information about that server when
installing EPIC. Contact your user administrator for the following
information:
www.bluedata.com
• LDAP: LDAP Host, User Attribute, User Subtree DN
• Active Directory: AD Host, User Attribute, User Subtree DN
Accessing EPIC (SSO)
Single Sign On (SSO) allows users to supply login credentials
once, and then gain access to all authorized resources and
applications without having to log in every time. When BlueData
EPIC is configured for SSO, authorized users will proceed directly
to the Dashboard screen without having to log in. From there,
users can access cluster services (such as Hue), if needed.
Configuring EPIC for SSO requires both of the following:
• A metadata XML file that is provided by the Identity Provider
(IdP)
• XPATH to a location in the SAML response that will contain
the LDAP/AD username of the user, such as
//saml:AttributeStatement/
saml:Attribute[@Name="PersonImmutableID"]/
saml:AttributeValue/text()
You can then use LDAP/AD groups to assign roles.
If platform HA is not enabled for the EPIC platform, then the
hostname of the EPIC Controller host must be mapped to the IP
address of the Controller host via a DNS server that can be
accessed by the user. This allows a user-initiated browser GET
request to correctly resolve to the Controller host. For EPIC
platforms with platform HA enabled, this will be a hostname that
resolves to the cluster IP address. Figure 2 shows the DNS name
resolution process.
NO Resolve to
Platform HA enabled?
Controller hostname.
YES
Cluster hostname NO Resolve to
"#ɑ,#"E cluster IP address.
YES
Resolve to
Controller hostname.
Figure 2: DNS name resolution process
The IdP must be configured with the following information:
White Paper: BlueData Software Architecture
Page 7
• Audience: This field is not required; however, providing the
base URL of the SAML server is more secure than a blank
entry. If you do enter a URL, then this URL must exactly
match the SAML Application Name that you will specify in
EPIC.
• Recipient: [<hostname>|<ip_address>]/bdswebui/
login, where <hostname> is the name of either the
Controller host or HA cluster, as appropriate, and
<ip_address> is either the Controller or cluster IP
address. Use either a hostname or an IP address, but not
both. For example, controllername/bdswebui/login
or 10.32.1.10/bdswebui/login.
• Consumer URL Validator: Enter <epic_info>/
bdswebui/login/, where <epic_info> is either:
- .* - This is a valid generic entry, but is less secure. For
example, .*/bdswebui/login/.
- < name or ip>, which will be either the FQDN or IP
address of either the Controller host or cluster, as
described above. This entry is more secure than the
generic entry. For example, 10.32.0.75/bdswebui/
login/ or epic-01.organization.com/
beswebui/login/.
• Consumer URL: <epic_info>/bdswebui/
saml_login>, where <epic_info> is either a generic or
specific entry, as described above.
The IdP will provide a SAML IdP XML metadata file that you will
use when configuring EPIC for SSO.

White Paper: BlueData Software Architecture

www.bluedata.com Page 8
4. Virtual Compute and Memory
The BlueData EPIC software platform allows you to deploy
multiple virtual clusters using fully managed and embedded
Docker containers. A virtual cluster is a collection of virtual nodes
(Docker containers) that are available to a specific tenant. Each
virtual node is allocated virtual CPU and memory, as described in
this section. This section also describes how EPIC uses virtual
node flavors.
Virtual Cores and RAM
BlueData EPIC models virtual CPU cores and memory differently
based on whether your hosts are located on-premises in your
datacenter, or on AWS.
On-Premises Hosts
For EPIC hosts that reside on your premises, each virtual node
within a virtual cluster consumes system CPU and memory
resources, according to the virtual CPU (vCPU) core count and
amount of RAM specified for that virtual node. The EPIC platform
license is based on the maximum number of CPU cores managed.
EPIC manages the total amount of available vCPU cores and RAM
aggregated across all of the hosts. Each tenant may be assigned a
quota that limits the total number of vCPU cores, the amount of
RAM, and the amount of storage that are available for use by the
clusters within that tenant. A tenant's ability to utilize its entire
quote of resources is limited by both the EPIC license and the
availability of physical resources.
EPIC grants vCPU cores and RAM to clusters on a first-come,
first-served basis. Each cluster requires CPU and RAM resources
in order to run, based on the number and size of its component
nodes. Cluster creation can only proceed if the total resources
assigned to that cluster will not exceed the tenant quota, if a
corresponding amount of resources are free in the system.
EPIC models vCPU cores as follows:
• The number of available vCPU cores is the number of
physical CPU cores multiplied by the CPU allocation ratio
specified by the Platform Administrator. For example, if the
hosts have 40 physical CPU cores and the Platform
Administrator specifies a CPU allocation ratio of 3, then EPIC
will display a total of 120 available cores. EPIC allows an
unlimited number of vCPU cores to be allocated to each
tenant. The collective core usage for all nodes within a tenant
will be constrained by either the tenant's assigned quota or
the available cores in the system, whichever limit is reached
first. The tenant quotas and the CPU allocation ratio act
www.bluedata.com
together to prevent tenant members from overloading the
system's CPU resources.
• When two nodes are assigned to the same host and contend
for the same physical CPU cores, EPIC allocates resources to
those nodes in a ratio determined by their vCPU core count.
For example, a node with 8 cores will receive twice as much
CPU time as a node with 4 cores.
• The Platform Administrator can also specify a Quality of
Service (QOS) multiplier for each tenant. In the case of CPU
resource contention, the node core count is multiplied by the
tenant QOS multiplier when determining the CPU time it will
be granted. For example, a node with 8 cores in a tenant with
a QOS multiplier of 1 will receive the same CPU time as a
node with 4 cores in a tenant with a QOS multiplier of 2. The
QOS multiplier is used to describe relative tenant priorities
when CPU resource contention occurs; it does not affect the
overall cap on CPU load established by the CPU allocation
ratio and tenant quotas.
• EPIC models RAM as follows:
• The total amount of available RAM is equal to the amount of
unreserved RAM in the EPIC platform. Unreserved RAM is
the amount of RAM remaining after reserving some memory
in each host for EPIC services. For example, if your EPIC
platform consists of four hosts that each have 128GB of
physical RAM with 110GB of unreserved RAM, the total
amount of RAM available to share among EPIC tenants will be
440GB.
• EPIC allows an unlimited amount of RAM to be allocated to
each tenant. The collective RAM usage for all nodes within a
tenant will be constrained by either the tenant's assigned
quota or the available RAM in the system, whichever limit is
reached first.
During tenant creation, EPIC will suggest some default values.
These default values will be 25% of the total system vCPU cores
or RAM, respectively. The total available amount of that resource
is displayed for comparison below each field. You may edit these
quota values or delete a value and leave the field blank to indicate
that the tenant does not have a quota defined for that resource.
Assigning a quota of vCPU cores and/or RAM to a tenant does not
reserve those resources for that tenant when that tenant is idle
(not running one or more clusters). This means that a tenant may
not actually be able to acquire system resources up to its
configured maximum CPU cores and RAM.
White Paper: BlueData Software Architecture
Page 9
You may assign a quota for any amount of vCPU cores and/or GB
of RAM to any tenant(s) regardless of the actual number of
available system resources. A configuration where total allowed
tenant resources exceed the current amount of system resources
is called over-provisioning. Over-provisioning occurs when one or
more of the following conditions are met:
• You only have one tenant which has quotas that either exceed
the system resources or are undefined quotas. This tenant
will only be able to use the resources that are actually
available to the EPIC platform; this arrangement is just a
convenience to make sure that the one tenant is always able
to fully utilize the platform, even if you add more hosts in the
future.
• You have multiple tenants where none have overly large or
undefined quotas, but where the sum of their quotas exceeds
the resources available to the EPIC platform. In this case, you
are not expecting all tenants to attempt to use all their
allocated resources simultaneously. Still, you have given each
tenant the ability to claim more than its “fair share” of the
EPIC platform's resources when these extra resources are
available. In this case, you must balance the need for
occasional bursts of usage against the need to restrict how
much a “greedy” tenant can consume. A larger quota gives
more freedom for burst consumption of unused resources
while also expanding the potential for one tenant to prevent
other tenants from fully utilizing their quotas.
• You have multiple tenants where one or more has overly
large and/or undefined quotas. Such tenants are trusted or
prioritized to be able to claim any free resources; however,
they cannot consume resources being used by other tenants.
Note: Over-provisioning is useful in certain situations; however,
avoiding over-provisioning prevents potential resource conflicts by
ensuring that all tenants are guaranteed the maximum number of
allocated virtual CPU cores and RAM.
AWS Instances
Each virtual node within a cluster is built on top of an Amazon
EC2 instance and consumes CPU and memory resources,
according to the virtual CPU (vCPU) core count and amount of
RAM specified for that node. The EPIC platform is licensed for a
maximum number of EC2 instances. The flavor(s) used by these
instances determine the total number of vCPU cores and GB of
RAM that are available to the EPIC platform. Each tenant may also
be assigned a quota that limits the total number of vCPU cores,
RAM, and/or storage that are available to the clusters within that
tenant.
EPIC grants EC2 instances (and the vCPU cores and RAM within
those instances) to clusters on a first-come, first-served basis.
www.bluedata.com
Each cluster requires a specified number of instances in order to
run, based on the number of virtual nodes added when that
cluster was created (one virtual node equals one instance).
Cluster creation can only proceed if the total resources assigned
to that cluster will not exceed the tenant quota, if a corresponding
amount of resources are free in the system, and if creating the
cluster will not exceed the licensed maximum number of
instances for the EPIC platform.
The number of available vCPU cores is the number of CPU cores
per instance multiplied by the number of instances assigned to the
cluster. For example, if each instance has 16 vCPU cores and a
Member creates a cluster with five instances, then that cluster
will have a total of 80 vCPU cores (16*5). The collective core
usage for all nodes within a tenant will be constrained by either
the tenant's assigned quota or by the total number of licensed
instances available to the EPIC platform, whichever limit is
reached first.
The total amount of available RAM is equal to the amount of RAM
per instance multiplied by the number of instances assigned to the
cluster. For example, if each instance has 48GB of RAM and a
Member creates a cluster with five instances, then that cluster
will use a total of 240GB of RAM (48*5) from the EPIC platform.
EPIC allows an unlimited amount of RAM to be allocated to each
tenant, up to licensed maximum for the entire EPIC platform. The
collective GB of RAM for all nodes within a tenant will be
constrained by either the tenant's assigned quota or by the total
GB of all of the EC2 instances in the EPIC platform, whichever
limit is reached first.
Assigning a quota of vCPU cores and/or RAM to a tenant does not
reserve those resources for that tenant when that tenant is idle
(not running one or more clusters). This means that a tenant may
not actually be able to acquire system resources up to its
configured maximum CPU cores and RAM.
Virtual Node Flavors
BlueData EPIC models virtual node flavors based on where hosts
are located, as follows:
• On-premises hosts: If the hosts are located on your
premises, then a virtual node flavor defines the number of
vCPU cores and RAM used by a virtual node. For example, if
the flavor “small” specifies a single vCPU core and 3GB of
RAM, then all virtual nodes created with the “small” flavor will
have those specifications, subject to the rules described in
Virtual Cores and RAM. EPIC creates a default set of flavors
(such as Small, Medium, and Large) during installation.
• AWS instances: If the hosts are located on AWS, then a
virtual node flavor defines the Amazon template and storage
White Paper: BlueData Software Architecture
Page 10
 capacity used by a virtual node. For example, if the flavor
uses the Amazon c4.4xlarge template, then each instance
created using that flavor will have 16 CPU cores and 30GB of
RAM, with either the default or user-specified amount of
storage. EPIC creates a default set of flavors (such as Small,
Medium, Large, Extra Large, and Extra Extra Large) during
installation.
Note: Flavors are tenant-specific. A flavor that is created or edited in
one tenant will not affect a flavor with the same name in another
tenant.
The Platform Administrator should create flavors with virtual
hardware specifications appropriate to the clusters that tenant
members will create. Application characteristics will guide these
choices, particularly the minimum virtual hardware requirements
per node. Using nodes with excessively large specifications will
waste resources (and count toward a tenant's quota). It is
therefore important to define a range of flavor choices that closely
match user requirements.
The Platform Administrator may freely edit or delete these
flavors. When editing or deleting a flavor:
• If you edit or delete an existing flavor, then all virtual nodes
using that flavor will continue using the flavor as specified
before the change or deletion. EPIC displays the flavor
definition being used by clusters.
• You may delete all of the flavors defined within your EPIC
installation; however, if you do this, then you will be unable to
create any clusters until you create at least one new flavor.
• You may specify a root disk size when creating or editing a
flavor. This size overrides the size specified by the image in
the App Store and/or the default Amazon template storage
size, as appropriate. Specifying a root disk size that is smaller
than the minimum size indicated by a given image will
prevent you from being able to instantiate that image on a
cluster that uses that flavor. Creating a larger root disk size
will slow down cluster creation. This may be necessary in
situations where you are using the cluster to run an
application that uses a local file system.
Note: Consider using DataTaps (see “About DataTaps” on page 12)
where possible for optimal performance.

White Paper: BlueData Software Architecture

www.bluedata.com Page 11
5. Storage
This section describes how BlueData EPIC uses DataTaps, tenant
storage, and node storage.
About DataTaps
DataTaps expand access to shared data by specifying a named
path to a specified storage resource. Big Data jobs within EPIC
virtual clusters can then access paths within that resource using
that name. This allows you to run jobs using your existing data
systems without the need to make time-consuming copies or
transfers of your data. Tenant Administrator users can quickly
and easily build, edit, and remove DataTaps using the DataTaps
screen. Tenant Member users can use DataTaps by name.
Each DataTap consists of some of the following properties
depending on its type (NFS, HDFS, or HDFS with Kerberos):
• Name: Unique name for each DataTap. This name may
contain letters (A-Z or a-z), digits (0-9), and hyphens (-), but
may not contain spaces. You can use the name of a valid
DataTap to compose DataTap URIs that you give to
applications as arguments. Each such URI maps to some path
on the storage system that the DataTap points to. The path
indicated by a URI might or might not exist at the time you
start a job, depending on what the application wants to do
with that path. Sometimes the path must indicate a directory
or file that already exists, because the application intends to
use it as input. Sometimes the path must NOT be something
that currently exists, because the application intends to create
it. The semantics of these paths are entirely application-
dependent, and are identical to their behavior when running
the application on a physical Hadoop or Spark platform.
• Description: Brief description of the DataTap, such as the
type of data or the purpose of the DataTap.
• Type: Type of file system used by the shared storage
resource associated with the DataTap (HDFS, or NFS). This
is completely transparent to the end job or other process
using the DataTap. In addition, you can use a DataTap to
connect to a MapR FS; you can also configure a cluster to
access an Amazon S3 bucket on AWS.
• Host: DNS name or address of the service providing access
to the storage resource. For example, this could be the
NameNode of an HDFS cluster.
• Share: For NFS DataTaps, this is the exported share on the
selected host.
www.bluedata.com
• Port: For HDFS DataTaps, this is the port for the NameNode
server on the host used to access the data.
• Path: Complete path to the directory containing the data
within the specified NFS share or HDFS file system. You can
leave this field blank if you intend the DataTap to point at the
root of the specified share/volume/file system.
• Standby NameNode: DNS name or IP address of a standby
NameNode that an HDFS DataTap will try to reach if it cannot
contact the primary host. This field is optional; when used, it
provides high-availability access to the specified HFDS
DataTap.
• Kerberos parameters: If the HDFS DataTap has Kerberos
enabled, then you will need to specify additional parameters.
EPIC supports two modes of user access/authentication.
- Passthrough mode passes the individual user's (client
principal) Kerberos credentials from the compute
Hadoop cluster to the remote HDFS cluster for
authentication.
- Proxy mode permits a “proxy user” to be configured to
have access to the remote HDFS cluster. Individual users
are granted access to the remote HDFS cluster by the
proxy user configuration. Mixing and matching
distributions is permitted between the compute Hadoop
cluster and the remote HDFS. This functionality
duplicates the Kerberos interactions between compute
and HDFS services in a co-located Hadoop deployment.
The storage pointed to by a BlueData DataTap can be accessed by
a Map/Reduce job (or by any other Hadoop-or Spark-based
activity in an EPIC virtual node) by using a URI that includes the
name of the DataTap.
A DataTap points at the top of some directory hierarchy in the
storage container. A URI of the following form can be used to
access the root of that hierarchy:
dtap://data_connector_name
In this example, data_connector_name is the name of the
DataTap that you wish to use. You can access files and directories
further in the hierarchy by appending path components to the URI:
dtap://datatap_name/some_subdirectory/
another_subdirectory/some_file
For example, the URI dtap://mydataconnector/home/
mydirectory means that the data is located within the /home/
mydirectory directory in the storage that the DataTap named
mydataconnector points to.
White Paper: BlueData Software Architecture
Page 12
DataTaps exist on a per-tenant basis. This means that a DataTap uses the HDFS back-end to enforce this quota, meaning that the
created for Tenant A cannot be used by Tenant B. You may, quota applies to storage operations that originate from both the
however, create a DataTap for Tenant B with the exact same EPIC DataTap browser or the nodes within that tenant.
properties as its counterpart for Tenant A, thus allowing both
tenants to use the same shared network resource. This allows Node Storage
jobs in different tenants can access the same storage
Node storage is based on each host in the EPIC platform and is
simultaneously. Further, multiple jobs within a tenant may use a
used for the volumes that back the local storage for each virtual
given DataTap simultaneously. While such sharing can be useful,
node. Using SEDs (Self-Encrypting Drives) will ensure that any
be aware that the same cautions and restrictions apply to these
data written to node storage is encrypted on write and decrypted
use cases as for other types of shared storage: multiple jobs
on read by the OS. A tenant can optionally be assigned a quota for
modifying files at the same location may lead to file access errors
how much storage the nodes in that tenant can consume.
and/or unexpected job results.
BlueData instances running on AWS utilize Amazon EBS (Elastic
Users who have a Tenant Administrator role may view and
Block Storage) as node storage. The size of this storage can be
modify detailed DataTap information. Members may only view
specified in the flavor definition.
general DataTap information and are unable to create, edit, or
remove a DataTap.
Application Path Inputs
Note: Data conflicts may occur id more than one DataTap points to a
location being used by multiple jobs at once. Applications running on EPIC virtual clusters will typically accept
input arguments that specify one or more storage paths. These
On-Premises Tenant Storage paths identify files or directories that either currently exist or are
intended to be created by the application. Each path can be
For tenants that reside on on-premises hosts, tenant storage is a specified in one of three ways:
storage location that is shared by all nodes within a given tenant.
• You can use a UNIX-style file path, such as /home/directory.
The Platform Administrator configures tenant storage while
This path refers to a location within the cluster file system.
installing EPIC and can change it at any time thereafter. Tenant
Remember that the cluster file system and all data stored
storage can be configured to use either a local HDFS installation
therein will be deleted when the cluster is deleted.
(configured by BlueData EPIC on the host storage) or a remote
HDFS or NFS system. Alternatively, you can create a tenant • You can use a DataTap URI, such as dtap://mydatatap/
without dedicated storage. home/mydirectory. This path refers to a location within
the storage system pointed to by the named DataTap within
Note: If all tenants are created using the same tenant storage service
the same tenant. A Hadoop or Spark application will “mount”
settings, then no tenant can access the storage space of any other
a given DataTap before using any paths within that DataTap.
tenant.
If the DataTap changes or is deleted, a running application
When a new tenant is created, that tenant automatically receives a will not see the effects until the next time it attempts to mount
DataTap called “TenantStorage” that points at a unique directory that DataTap.
within the Tenant Storage space. This DataTap can be used in the
• You can use a s3a://<Bucket Name>/<folder name>
same manner as other DataTaps, but it cannot be edited or
path, such as s3a://logdata/2017/. This path refers to
deleted. This does not apply if no tenant storage has been defined
the location of the files in Amazon S3 storage that can be
(meaning that you selected None for tenant storage when
used as the input or output location for Hadoop or Spark jobs.
installing EPIC).
External tables may also be created against files stored in
The TenantStorage DataTap points at the top-level directory that Amazon S3 storage. BlueData auto-configures the S3A client
a tenant can access within the tenant storage service. The Tenant in all Hadoop and Spark clusters. Access controls to specific
Administrator can create or edit additional DataTaps that point at S3 buckets are controlled by the AWS Instance profile
or below that directory; however, one cannot create or edit a specified in the tenant definition.
DataTap that points outside the tenant storage on that particular
Please see the technical white paper BlueData EPIC Storage
storage service. (It is of course possible to create and edit
Options for additional details about the networking design and
DataTaps that point to external services.)
network configurations for the BlueData EPIC software platform.
If the tenant storage is based on a local HDFS, then the Platform
Administrator can specify a storage quota for each tenant. EPIC

White Paper: BlueData Software Architecture

www.bluedata.com Page 13
6. Networking
This section describes how BlueData EPIC manages networking, The two networks are laid out as follows:
including public and private container networks, subnets, and • Network for the physical EPIC Controller, Worker, and
Gateway hosts. Gateway hosts: This network must be both routable and part
of the organization’s network that is managed by that
Networks and Subnets organization’s IT department. All of the physical hosts must
EPIC operates on two networks, as shown in Figure 3: be routable. If the EPIC Platform HA feature is enabled (see
“High Availability” on page 22), then both the Primary
Top of Rack (TOR) Switch
Controller and Shadow Controller must be in the same
10.16.1.1 subnet. If different subnets are used for the Worker hosts,
10.16.1.2
EPIC Gateway 1 then all subnets used must share the same path MTU setting;
Gateway hosts can use subnets with different MTU settings.
.3 See “Multiple Subnets” on page 17.
EPIC Gateway 2
• Network for virtual nodes (Docker containers): EPIC
creates and manages this network, which can be either public
.10 (routable) or private (non-routable). See “Private (Non-
EPIC Controller Routable) Virtual Node Network” on page 15 and “Public
.11
(Routable) Virtual Node Network” on page 16.
EPIC Worker 1
.12
EPIC Worker 2
.13
EPIC Worker 3
192.168.x.x/16

...
.51
EPIC Worker n

Network for Network for

virtual nodes EPIC hosts
Figure 3: Dual networks on the BlueData EPIC platform

White Paper: BlueData Software Architecture

www.bluedata.com Page 14
Private (Non-Routable) Virtual Node Network
Private, non-routable virtual node networks keep the virtual node EPIC replaces the IP addresses of outgoing and incoming packets,
IP addresses private and hidden within the private network. as shown in Figure 3.

BlueData EPIC Management

Cluster provisioning/automation: Embedded containers for Hadoop/Spark nodes
Internal networking: EPIC assigns IP address to containers from a private pool that provides out-of-box network isolation
Policy engine: Resources/placement

Access to services on Controller Host (Host IP2) Worker Host (Host IP3) Worker Host (Host IP4)
containers is proxied
via Gateway host port Tenant 2
numbers.
BD IP8 BD IP9 BD IP10 BD IP11

Gateway Host (Host IP1)

BD IP4 BD IP5
Tenant 1

BD IP6
X X BD IP7
Cluster A

BD IP1 BD IP2 BD IP3

Cluster B

HAProxy Service DataTap Service DataTap Service DataTap Service

Access into/from Docker containers for control traffic, such as SSH and web UIs via the Gateway host (HAProxy)
DataTap access path from Container via Worker host interface to remote storage (eg HDFS) External Switch/
Access to remote systems (e.g. AD, CA, SSO) via Worker hosts (using IP masquerading)
Users
Next Hop
External Network

Figure 4: BlueData EPIC platform configured to use a private, non-routable virtual node network

BlueData EPIC software is deployed on a set of hosts. Each host
has an IP address and FQDN such as Host IP1, Host IP2, etc.
Hosts are typically deployed as one or more rack(s) of servers
that are connected to an external switch for access to other
networks in the organization (e.g. end user network etc).
BlueData EPIC provisions clusters of embedded, fully-managed
Docker containers. Each cluster spins up within a tenant and
receives distinct assigned IP addresses and FQDNs from a private
IP range (or optionally from a routable IP range provided by the
network teams), which appear in the diagram above as BD IP1, BD
IP2, etc. Containers in one tenant do not have network access to
containers in a different tenant despite potentially being placed on
the same host.
End user access to services in the containers (such as SSH or
web applications) is routed through a Gateway host that runs the
HAProxy service. This access is purely for control traffic. All
other traffic, including access to remote HDFS or other enterprise
systems such as Active Directory (AD), MIT KDC (Kerberos
provider), SSO (Identity providers), and Certificate Authority (CA),
is performed via the host network interface, as opposed to the
Gateway host.

White Paper: BlueData Software Architecture

www.bluedata.com Page 15
Public (Routable) Virtual Node Network
Network traffic in a public EPIC virtual node network flows as shown in Figure 5, below.

BlueData EPIC Management

Cluster provisioning/automation: Embedded containers for Hadoop/Spark nodes
Internal networking: EPIC assigns IP address to containers from a ɗ-2',% IP range that provides out-of-box network isolation
Policy engine: Resources/placement

Controller Host (Host IP1) Worker Host (Host IP2) Worker Host (Host IP3) Worker Host (Host IP4)

Tenant 2
BD IP8 BD IP9 BD IP10 BD IP11

BD IP4 BD IP5
Tenant 1

BD IP6
X X BD IP7
Cluster A

BD IP1 BD IP2 BD IP3

Cluster B

DataTap Service DataTap Service DataTap Service DataTap Service

Docker container network access to/from external pathway (via host NIC)
Access to remote systems (e.g. AD, CA, SSO) via Worker hosts External Switch/
Users
Next Hop
External Network

Figure 5: BlueData EPIC platform configured to use a public, routable virtual node network

The above diagram depicts a deployment where a routable IP

range is used for containers. In this case, the BlueData EPIC
platform does not require Gateway hosts/roles. All the key
functionality is identical to the recommended approach for a non-
routable private IP range (see “Private (Non-Routable) Virtual
Node Network” on page 15). This approach allows the Docker
containers to directly access the external network via the network
interface connector (NIC) on the hosts where they reside.

White Paper: BlueData Software Architecture

www.bluedata.com Page 16
Multiple Subnets
See Figure 6, below, for a sample EPIC deployment using multiple subnets.
End-user clients
(Hue console, Datameer, etc.) Remote data lake AD/LDAP/KDC

External switch

Rack 1/Subnet 1 Rack 2/Subnet 2 Rack 3/Subnet 3

Top of Rack (TOR) switch Top of Rack (TOR) switch Top of Rack (TOR) switch

EPIC host (Controller) EPIC host EPIC host

EPIC host (Shadow) Controller ... ...

EPIC host (Arbiter/Worker) EPIC host n EPIC host n

EPIC host
...
EPIC host n

BlueData EPIC cluster

Figure 6: BlueData EPIC platform that spans multiple subnets

When multiple subnets are used:
• The EPIC hosts may be located on-premises and/or in a
public cloud. For example, EPIC hosts can reside on multiple
racks and/or can be virtual machines residing on cloud-based
services, such as AWS.
• If the EPIC platform includes cloud-based hosts, then the
container network must be private and non-routable.
• All of the subnets used by EPIC Worker hosts must share the
same path MTU setting.
• The subnet(s) used by EPIC Gateway hosts may have
different path MTU settings.
Gateway Hosts
A Gateway host is an optional first-class role that is managed by
EPIC in a manner similar to the Controller and Compute Worker
hosts. One or more Gateway host(s) are required when the IP
addresses used by the virtual nodes in the EPIC platform are
private and non-routable, meaning that the virtual nodes cannot
be accessed via the corporate network. Gateway hosts must
conform to all applicable requirements listed in the EPIC
documentation. Unlike Compute Worker hosts, Gateway hosts do
not run containers/virtual nodes. Instead, they enable access to
user-facing services such as Hue console, Cloudera Manager,
Ambari, and/or SSH running on containers via High Availability
Proxy (HAProxy). You can configure multiple Gateway hosts with
a common Fully Qualified Domain Name (FQDN) for round-robin
load balancing and High Availability. You may also use a hardware
load balancer in front of the multiple Gateway hosts.
The ability to run EPIC virtual nodes in a private, non-routable
network can drastically reduce the routable IP address pool
requirement. For example, a /16 private network can support
thousands of containers. The corporate network need only
manage the physical host addresses (for example, 10.16.1.2-51),
while EPIC Gateway hosts provide access to the virtual nodes
running on those hosts. All control traffic to the virtual nodes/
Docker containers from end-user devices (browsers and
command line), such as https, SSH, and/or AD/KDC, goes through
the Gateway host(s), while all traffic from the virtual nodes/
Docker containers is routed through the EPIC hosts on which

White Paper: BlueData Software Architecture

www.bluedata.com Page 17
those nodes/containers reside. Every container spawned within
the EPIC platform is assigned a private IP address that is Top of Rack (TOR) Switch External Switch(es)
managed by the EPIC private network. Only the Gateway host(s) 10.16.1.1
10.16.1.2
and Controller need be exposed to the end-user network in the EPIC Gateway 1 AD/LDAP/KDC
firewall.
.3
EPIC Gateway 2 Secure Data Zone
Support for multiple subnets increases Gateway host flexibility.
Data Lake
For example, you can use “small” virtual machines that meet all
Corporate D/C Network
Gateway host requirements located on different racks or in EPIC Controller .10

different areas of your network, instead of having to place these

.11
hosts on the same rack as Compute hosts. This can help optimize EPIC Worker 1
resource usage. .12
EPIC Worker 2
Figure 7 (right) displays the physical architecture of an EPIC
.13
platform with Gateway hosts. Figure 8 (below) displays the logical EPIC Worker 3

192.168.x.x/16
architecture of an EPIC platform with Gateway hosts.
...
.51
EPIC Worker n

Figure 7: Physical EPIC platform architecture with Gateway hosts

BlueData EPIC Cluster

EPIC Controller Host
DN DN
(EPIC web interface)
Ambari Hue NN DN CM Hue NN DN
172.16.1.10
192.168.10.12 192.168.10.26 192.168.10.196 192.168.10.197
DN DN

12001 12002 14001 14002

EPIC Gateway(s)
172.16.1.2

Ambari: http://172.16.1.2:12001 Cloudera Manager: http://172.16.1.2:14001

Hue: http://172.16.1.2: 12002 Hue: http://172.16.1.2: 14002

Switch Corporate D/C Network

Platform Administrator

Data Scientist A Data Scientist B

Figure 8: Logical EPIC platform architecture with Gateway hosts

Please see the technical white paper BlueData EPIC Network Design
for additional details about the networking design and network
configurations for the BlueData EPIC software platform.

White Paper: BlueData Software Architecture

www.bluedata.com Page 18
7. Cluster Management
This section describes how BlueData EPIC creates on-premises
and AWS clusters, cluster Isolated Mode, and host tags.
Cluster Creation
EPIC performs the following tasks when you create a cluster:
1. The EPIC Controller checks whether cluster creation would
violate any tenant quotas or licensing limits.
2. If EPIC is being installed on-premises, then the Controller
checks whether enough total free system resources are
available for cluster creation.
3. The Controller chooses the host(s) in the EPIC platform on
which to deploy virtual nodes. For on-premises EPIC
platforms, these are physical hosts managed as EPIC
Workers, and they are selected based on node affinity,
scheduling constraints, matching host tag(s) (see “Host Tags”
on page 21), and the per-host free resources. For AWS EPIC
platforms, these hosts are EC2 instances that are generated
on demand.
4. The Controller copies the appropriate application image onto
each chosen host if it is not already available there.
5. The EPIC Host Agent service runs on each host and manages
the lifecycle of the virtual nodes (containers) deployed on that
host. This service creates a Docker container for each virtual
node and then configures the networking and storage for the
node(s).
6. The Controller copies the Node Agent package into each
virtual node, and then logs into those containers via SSH to
install and start that agent.
7. The Node Agent in each virtual node registers the node with
its host's DataTap service and requests the application setup
package and cluster metadata from either the Controller or
the specified Docker-compatible registry, as appropriate.
8. The Node Agent unpacks the application setup package, and
then runs the extracted startscript.
9. The Node Agent begins reporting cluster configuration status
and services status to the Controller.
10. The startscript in each virtual node queries bd_vcli
namespaces to obtain information from the cluster metadata,
which includes the IP addresses and DNS names of nodes in
the cluster, node roles, service definitions, etc.
11. The startscript performs final runtime configuration
appropriate for the application.
www.bluedata.com
12. The startscript registers application services with the Node
Agent to identify services that must be started every time the
node is (re)started.
13. After the startscript has succeeded on all nodes, the Node
Agent reports a “ready” cluster status to the Controller, and
the startscript output from each node is uploaded to the
Controller to be displayed as the cluster setup logs in the
EPIC interface and API.
14. If the EPIC platform is configured to use LDAP/AD user
authentication, then an additional post-config setup takes
place to allow users to access the containers.
The two figures on the following page illustrate how this works.
Figure 9 shows the container orchestration process for an on-
premises EPIC platform. Figure 10 shows the container
orchestration process for an AWS-based EPIC platform. A hybrid
EPIC platform will also use this process for AWS resources.
Isolated Mode
There may be times when you need to limit access to a cluster in
order to perform configuration or maintenance. Clusters in on-
premises tenants on an EPIC platform running RHEL/CentOS 7.x
can be placed into Isolated Mode. Running a cluster in Isolated
Mode allows authorized users to access clusters for maintenance
or updates using either automated scripts or manual commands,
while preventing other users from accessing the services running
in that cluster. Clusters can be placed into Isolated Mode at any
time. For example, you can create a new cluster in Isolated Mode
and then configure Kerberos protection before making that cluster
available for tenant-wide access, thereby avoiding any security
issues that may arise from running an unprotected cluster. You
may also specify a “bootstrap” ActionScript that will automatically
run as soon as a new cluster comes up.
Placing a cluster into Isolated Mode limits access to only those
users who have access to the keypair based on the Cluster
Superuser Privilege setting for the tenant. If LDAP/AD is used for
authenticating EPIC users, then these users may also log in with
their LDAP/AD credentials instead of using the tenant keypair.
Placing a cluster into Isolated Mode has the following effects:
• None of the cluster ports except SSH can be accessed from
outside the cluster.
• Only authorized users (see above) can access the cluster via
SSH or make changes via the EPIC interface or API, such as
configuration, power, ActionScripts, and/or cluster deletion.
White Paper: BlueData Software Architecture
Page 19
 Create Cluster EPIC Physical Hosts All Hosts Run
L-,20-**#04#0'ɑ#10#1-urce availability/quotas. - EPIC Management runs on the
- Import image to physical node(s) from Controller node.
Controller/registry, if needed. - Host Agent runs on all nodes and
- Create container using Host Agent. manages the container lifecycle.
- Setup container storage & networking.
EPIC Controller
Schedules
cluster creation.
Between Physical Hosts & Docker Containers
- EPIC Management copies the Node Agent into
the Docker containers.
- EPIC Management SSH into containers and
runs Node Agent install.

On the Docker Containers Query Runtime Information

- Node Agent requests metadata copy from the
Controller.
L 620!21!-,ɑ%+#2"2r..!-,ɑ%G2%8sG
- Runs startscript and starts registered
services.
Containers query bd_vcli namespaces
for:
- Host IP addresses and DNS names
L#04'!#"#ɑ,'2'-,1I03,,',g services,
status, etc.

Figure 9: On-premises container orchestration

.
Create Cluster Controller Schedules EC2 Instance Creation All Hosts Run
- Controller checks against tenant quotas. - EPIC Management runs on the
- Creates Worker EC2 instance & copies image Controller node.
from S3 image bucket/registry to instance. - Host Agent runs on all nodes and
- Creates container using Host Agent. manages the container lifecycle.
- Sets up container storage & networking.
EPIC Controller
Schedules
cluster creation.
Between EC2 Instance & Docker Container
- EPIC Management copies the Node Agent into
the Docker containers.
- EPIC Management SSH into containers and
runs Node Agent install.

On the Docker Containers Query Runtime Information

- Node Agent requests metadata copy from the
Controller.
L 620!21!-,ɑ%+#2"2r..!-,ɑ%G2%8sG
- Runs startscript and starts registered
services.
Containers query bd_vcli namespaces
for:
- Host IP addresses and DNS names
L#04'!#"#ɑ,'2'-,1I03,,',g1#04'!#1I
12231I#2!G

Figure 10: AWS container orchestration

White Paper: BlueData Software Architecture

www.bluedata.com Page 20
• Non-authorized users can place a cluster into Isolated Mode,
but only authorized users can exit the cluster from this mode.
• Any SSH connections that are in progress when the cluster is
placed into Isolated Mode will be terminated.
• Users cannot access cluster services via the Node(s) Info tab
of the Cluster Details screen.
• A cluster can be configured to require two-step deletion. If
this flag is set, then an attempt to delete a cluster will place
that cluster into Isolated Mode. An authorized user can then
delete that cluster once they determine that it is proper to do
so.
• Any jobs being run by the cluster when placed into Isolated
Mode will continue; however, no new jobs can be run in this
cluster until it has been removed from Isolated Mode.
• Isolated Mode events (enabling and disabling this mode) will
appear in the Cluster History tab of the Cluster Details
screen.
The general process of creating and using tags is:
1. Create one or more tag(s). Tag names are arbitrary and may
include special characters and/or spaces; however, best
practice is to assign consistent tag names.
2. Assign the tag(s) to one or more Compute Worker host(s),
and then specify the value to assign to each tag assigned to
each host. Values are arbitrary; however, best practice is to
assign consistent values to each tag.
3. Create or edit a placement constraint for the cluster to force
EPIC to place that cluster on a host where one or more tag(s)
do(es) or do(es) not equal a value.

Host Tags
Tags allows you to control the physical host(s) on which EPIC will
place a newly created or edited cluster by forcing EPIC to place
the cluster on only those host(s) that meet the criteria that you
specify for that cluster. For example, you could use tags to:
• Place GPU-centric clusters such as TensorFlow on only
those hosts that are tagged with a GPU identifier, such as
gpu=yes.
• Place specific workload clusters that require SSD-based
virtual node storage, such as ssd=true or storage=ssd-
only.
• Isolate virtual clusters of a specific tenant onto specific EPIC
hosts for physical isolation in addition to network isolation,
such as tenant=marketing or tenant=finance.
• Differentiate between cloud-based EPIC hosts and on-
premises based EPIC hosts in a single unified EPIC
deployment, such as onprem=true or location=onprem.

White Paper: BlueData Software Architecture

www.bluedata.com Page 21
8. High Availability
BlueData EPIC supports three levels of High Availability
protection:
• Platform High Availability: This level of protection only
applies to EPIC platform resources that are located on your
premises. AWS resources are not covered.
• Virtual Cluster High Availability: This level of protection
applies to clusters that reside on both on-premises and AWS
resources.
• Gateway Host High Availability: This level of protection
applies to Gateway host(s) for on-premises EPIC resources.
Platform High Availability
For on-premises installations, EPIC supports platform-level High
Availability functionality that protects your EPIC platform against
the failure of the Controller host. Your EPIC platform must include
at least three hosts that conform to all of the requirements listed
in the EPIC documentation in order to support this feature, as
shown in Figure 11.
Platform-level High Availability requires designating two Worker
hosts as the Shadow Controller and Arbiter, respectively. If the
Controller host fails, then EPIC will failover to the Shadow
Controller host within approximately two or three minutes, and a
warning will appear at the top of the EPIC screens. You may need
to log back in to EPIC if this occurs.
Controller Shadow
Host Controller Arbiter
Cluster IP address
Minimum conɑguration
Figure 11: BlueData EPIC platform configured for High Availability
When a failure of a High Availability host occurs, EPIC takes the
following actions:
• If the Controller host has failed, then EPIC fails over to the
Standby Controller host and begins running in a degraded
state. This process usually takes 2-3 minutes, during which
you will not be able to log in to EPIC.
• If the Shadow Controller or Arbiter host fails, then EPIC
keeps running on the Controller host in a degraded state.
www.bluedata.com
Each on-premises host in the EPIC platform has its own IP
address. If the Controller host fails, then attempting to access the
Shadow Controller host using the same IP address will fail.
Similarly, accessing the Shadow Controller host using that node’s
IP address will fail once the Controller host recovers. To avoid
this problem, you must specify a cluster IP address that is bonded
to the node acting as the Controller host, and then log into EPIC
using that cluster IP address. EPIC will automatically connect you
to the Controller host (if the EPIC platform is running normally) or
to the Shadow Controller host with a warning message (if the
Controller host has failed and triggered the High Availability
protection).
Platform-level EPIC High Availability protects against the failure
of any one of the three hosts being used to provide this
protection. The warning message will therefore appear if either
the Shadow Controller or Arbiter host fails, even if the Controller
host is functioning properly.
When platform High Availability is enabled:
• The Controller host manages the EPIC platform, and the
Shadow Controller and Arbiter hosts function as Worker
hosts.
• If the Controller host fails, then the Arbiter host switches
management of the EPIC Platform to the Standby Controller
host, and the EPIC platform is no longer protected against any
Additional Worker Host(s), if Any
• A message appears in the upper right corner of the EPIC
interface warning you that the system is running in a
degraded state. Use the Service Status tab of the Platform
Administrator Dashboard to see which host has failed and
which services are down.
White Paper: BlueData Software Architecture
Page 22
• EPIC analyzes the root cause of the host failure and attempts
to recover the failed host automatically. If recovery is
possible, then the failed host will come back up and EPIC will
resume normal operation.
• If EPIC cannot resolve the problem, then the affected host will
be left in an error state and you will need to manually
diagnose and repair the problem (if possible) and then reboot
that host. If rebooting solves the problem, then the failed host
will come back up and EPIC will resume normal operation. If
this does not solve the problem, then you will need to contact
BlueData Technical Support for assistance.
Enabling platform High Availability protection in EPIC is a two-
stage process: First, you must designate one Worker host as the
Shadow Controller host in the Installation tab of the EPIC
Installation screen. This is a one-time assignment; you cannot
transfer the Shadow Controller role to another Worker host.
Second, you must enable High Availability protection and then
assign the Arbiter role to a third Worker host in the HA Settings
tab of the Settings screen.
Availability. In general, you should implement High Availability just
after first installing EPIC.
Virtual Cluster High Availability
Some Big Data applications allow you to create cluster with High
Availability protection. This is separate and distinct from the EPIC
platform High Availability described above, as follows:
A cluster with High Availability enabled for that virtual cluster is
still dependent on the EPIC platform. If the Controller host on an
EPIC platform without High Availability fails, then the virtual
cluster will also fail.
If the EPIC platform has High Availability enabled and the Master
node of a virtual cluster fails, then that virtual cluster will fail if
High Availability for that virtual cluster was not enabled when that
virtual cluster was created.
The following table displays the relationship between virtual
cluster and EPIC platform High Availability protection under a
variety of scenarios:

EPIC does not support enabling platform High Availability if any Note: In Figure 12, below, the asterisks (*) denote platform-level
virtual clusters already exist. If you create one or more virtual High Availability protection that is only available to resources
clusters before deciding to enable High Availability, then you located on-premises. AWS resources only support High
should delete those clusters before proceeding with the High Availability for virtual clusters.

FAILURE TYPE NO HA CLUSTER HA ONLY EPIC HA ONLY* BOTH HA

EPIC Controller host down; virtual cluster X X protected protected
Master node up.
EPIC Controller host up; virtual cluster Master X protected X protected
down.
EPIC Controller host up; Other virtual cluster protected protected protected protected
node down.
Figure 12: BlueData EPIC High Availability protection under various scenarios

Gateway Host High Availability

You can add redundancy for Gateway hosts by mapping multiple
Gateway host IP addresses to a single hostname. When this is
done, then either the DNS server or an external load balancer will
load-balance requests to the hostname among all of the Gateway
hosts on a round-robin basis. This ensures that there is no single
point of failure for the Gateway host.

White Paper: BlueData Software Architecture

www.bluedata.com Page 23
Appendix
This Appendix defines the key terms used in this white paper and
describes how BlueData EPIC supports Hadoop and Spark.
Definitions
This white paper uses the following terms:
• Host: A host is a physical or virtual server that is available to
the EPIC platform. Nodes and clusters reside on hosts.
• Node: A node (also called a virtual node or instance) is a
Docker container that is created when creating a persistent
cluster. This white paper may also use the terms container
and/or Docker container.
• Microservice: A microservice is a method of developing
software applications as a suite of small, modular, and
independently deployable services in which each service runs
a unique process and communicates through a well-defined,
lightweight mechanism to serve a business goal.
• Big Data application: A Big Data application generally refers
to a distributed, multi-node, inter-related service that can
process large amounts of data computing on several nodes.
Some examples of Big data Applications include Hadoop,
Spark, Kafka, Cassandra, HBase, and others. Big Data
applications should not be confused with microservices.
• Docker container: A Docker container is a lightweight,
standalone, executable software package that runs specific
services. This software package includes code, runtime,
system libraries, configurations, etc. that run as isolated
process in user space. A Docker container is typically used to
deploy scalable and repeatable microservices.
• EPIC platform: An EPIC platform consists of the hosts that
comprise the overall infrastructure available to a virtual
cluster.
• Controller: A Controller is a host that manages the other
nodes while also serving as a Worker host in the EPIC
platform.
• Worker host: A Worker host is a host that is managed by a
Controller.
• Compute host (or Compute Worker): A Compute host or
Compute Worker is a Worker host that runs the virtual nodes
(Docker containers) used by persistent clusters.
www.bluedata.com
• Gateway host (or Gateway Worker): A Gateway host or
Gateway Worker is a Worker host that maps services running
on virtual nodes to ports in order to allow users to access
those services when the virtual node IP addresses are non-
routable and thus cannot be accessed directly.
• Master node: A Master node is a container that manages a
cluster.
• Worker node: A Worker node is a container that is managed
by a Master node in a cluster.
• Shadow Controller: A Shadow Controller is a designated
Worker host that assumes the Controller host role if the
primary Controller host fails. Your EPIC platform must meet
all applicable requirements and have High Availability enabled
for this protection to be active.
• Arbiter: An Arbiter is a designated Worker host that triggers
the Shadow Controller host to assume the Controller role if
the primary Controller host fails.
• Hadoop job tracker: Within a virtual cluster running
MapReduce version 1, a Hadoop job tracker is the service that
is responsible for coordinating the MapReduce application
efforts of the remaining virtual nodes within that virtual
cluster.
• Hadoop task tracker: Within a virtual cluster running
MapReduce version 1, a Hadoop task tracker is a service that
accepts tasks (Map, Reduce, and Shuffle operations) from the
Hadoop job tracker. Each task tracker configuration specifies
the number of “slots” or tasks that it can accept. Task
trackers notify the job tracker when tasks complete. They
also send out periodic “heartbeat” messages with the number
of available slots, to keep the job tracker updated.
• Resource manager: Within a virtual cluster running YARN, a
resource manager is the service that is responsible for
coordinating the MapReduce application efforts of the
remaining virtual nodes within that virtual cluster.
• Node manager: Within a virtual cluster running YARN, a node
manager is a service that accepts tasks (Map, Reduce, and
Shuffle operations) from the resource manager. Each node
manager configuration specifies the number of “slots” or
tasks that it can accept. Node managers notify the resource
manager when tasks complete. They also send out periodic
“heartbeat” messages with the number of available slots, to
keep the resource manager updated.
White Paper: BlueData Software Architecture
Page 24
• Platform: A platform includes all of the tenants, nodes, virtual
clusters, and users that exist on a given EPIC deployment.
• Tenant: A tenant is a unit of resource partitioning and data/
user access control in a given deployment. The resources of
an EPIC platform are shared among the tenants on that
platform. Resources used by one tenant cannot be used by
another tenant. All users who are a member of a tenant can
access the resources and data objects available to that
tenant.
• Edge node: An edge node is a container running a business
intelligence tool that interacts with the cluster’s Hadoop or
Spark framework.
• Virtual cluster: A virtual cluster is a collection of virtual nodes
that is available to a specific tenant.
• cnode: cnode is the BlueData caching node service. The
transfer of storage I/O requests from the BlueData
implementation of the HDFS Java client to this caching node
service is being optimized as latency is reduced.
• Node flavor: A node flavor describes the amounts and sizes
of resources (virtual CPU cores, memory, and hard disk size)
allotted to a virtual node.
• Platform Administrator: The Platform Administrator (or
Platform Admin) is a role granted to an EPIC user. A user
with this role has the ability to create/delete tenants. This
user will typically also be responsible for managing the hosts
in the EPIC platform.
• Tenant Administrator: A Tenant Administrator (or Tenant
Admin) is a role granted to an EPIC user. A user with this role
has the ability to manage the specific tenant(s) for which they
have been granted this role, including creating DataTaps for
that tenant.
• Tenant Member: A Tenant Member (or Member) is a role
granted to an EPIC user. A user with this role has non-
administrative access to the specific tenant(s) for which they
have been granted this role. Members may use existing
DataTaps for reading and writing data.
• User: A user is the set of information associated with each
person accessing the EPIC platform, including the
authentication and site roles.
• DataTap: A DataTap is a shortcut that points to a storage
resource on the network. A Tenant Administrator creates a
DataTap within a tenant and defines the storage namespace
that the DataTap represents (such as a directory tree in a file
system). A Tenant Member may then access paths within that
resource for data input and/or output. Creating and editing
DataTaps allows Tenant Administrators to control which
storage areas are available to the members of each tenant,
www.bluedata.com
including any specific sharing or isolation of data between
tenants.
• Node storage: Node storage is storage space available for
backing the root filesystems of containers. Each host in the
EPIC platform contributes node storage space that is used by
the virtual nodes (Docker containers) assigned to that host.
The Platform Administrator may optionally specify a quota
limiting how much node storage a tenant's virtual nodes may
consume.
• Tenant storage: Tenant storage is a shared storage space that
may be provided by either a local HDFS installation on the
EPIC platform or a remote storage service. Every tenant is
assigned a sandbox area within this space that is accessible
by a special, non-editable TenantStorage DataTap. All virtual
nodes within the tenant can access this DataTap and use it
for persisting data that is not tied to the life cycle of a given
cluster. Tenant storage differs from other DataTap-
accessible storage as follows:
- A tenant may not access tenant storage outside of its
sandbox.
- The Platform Administrator can choose to impose a
space quota on the sandbox.
• Cluster file system: Many types of EPIC clusters set up
cluster-specific shared storage that consists of services and
storage resources inside the cluster nodes. For example, an
EPIC cluster running Hadoop will set up an in-cluster HDFS
instance. This shared storage is referred to as the cluster file
system. The cluster file system is often used for logs and
temporary files. It can also be used for job input and output;
however, the cluster file system and all data therein will be
deleted when the cluster is deleted.
Hadoop and Spark Support
The BlueData EPIC platform includes pre-configured, ready-to-
run versions of major Hadoop distributions, such as Cloudera
(CDH), Hortonworks (HDP), and MapR (CDP). It also includes
recent versions of Spark standalone as well as Kafka and
Cassandra. Other Big Data distributions, services, commercial
applications, and custom applications can be easily added to a
BlueData EPIC deployment, as described in “App Store” on
page 2.
BlueData EPIC supports a wide range of Big Data application
services and Hadoop/Spark ecosystem products out-of-the-box,
such as:
• Ambari (for HDP): Ambari is an open framework that allows
system administrators to provision, manage, and monitor
White Paper: BlueData Software Architecture
Page 25
 Apache Hadoop clusters and integrate Hadoop with the
existing network infrastructure.
• Cassandra (from Datastax): Cassandra is a free, open-
source, distributed NoSQL database management system for
processing large datasets on commodity servers with no
single points of failure.
• Cloudera Manager (for CDH): Cloudera Manager provides a
real-time view of the entire cluster, including a real-time view
of the nodes and services running, in a single console. It also
includes a full range of reporting and diagnostic tools to help
optimize performance and utilization.
• Cloudera Navigator (for CDH): Cloudera Navigator is a fully
integrated Hadoop data management tool that provides
critical data governance capabilities for regulated enterprises
or enterprises with strict compliance requirements. These
capabilities include verifying access privileges and auditing all
Hadoop data access.
• Flume: Flume-NG is a distributed, reliable, and available
service for efficiently collecting, aggregating, and moving
large amounts of server log data. It is robust and fault
tolerant with many failover and recovery mechanisms. It uses
a simple extensible data model that allows one to build online
analytic applications.
• GraphX (for Spark): GraphX works seamlessly with graphs
and collections by combining ETL, exploratory analysis, and
iterative graph computation within a single system. The
Pregel API allows you to write custom iterative graph
algorithms.
• Hadoop Streaming: Hadoop Streaming is a utility that allows
you to create and run MapReduce jobs with any script as the
mapper and/or the reducer taking its input from stdin and
writing its output to stdout.
• HAWQ: Apache HAWQ is a native Hadoop application that
combines high-performance Massively Parallel Processing
(MPP)-based analytics performance with robust ANSI SQL
compliance, integration, and manageability within the Hadoop
ecosystem, as well as support for a variety of datastore
formats with no connectors required.
• HBase: HBase is a distributed, column-oriented data store
that provides random, real-time read/write access to very
large data tables (billions of rows and millions of columns) on
a Hadoop cluster. It is modeled after Google’s BigTable
system.
• Hive: Hive facilitates querying and managing large amounts
of data stored on distributed storage. This application
provides a means for applying structure to this data and then
www.bluedata.com
running queries using the HiveQL language. HiveQL is similar
to SQL and supports using custom mappers when needed.
• Hue: Hue is an open-source Web interface that integrates the
most common Hadoop components into a single interface
that simplifies accessing and using a Hadoop cluster.
• Impala: Impala by Cloudera is an open-source MPP query
engine that allows users to query data without moving or
transforming that data, thus enabling real-time analytics
without the need to migrate data sets. EPIC supports Impala
on CDH.
• JupyterHub: JupyterHub is a multi-user server that provides
a dedicated single-user Jupyter Notebook server for each
user in a group.
• Kafka: Kafka allows a single cluster to act as a centralized
data repository that can be expanded with zero down time. It
partitions and spreads data streams across a cluster of
machines to deliver data streams beyond the capability of any
single machine.
• MapReduce: MapReduce assigns segments of an overall job
to each Worker, and then reduces the results from each back
into a single unified set.
• MLlib: MLlib is Spark’s scalable machine learning library that
contains common learning algorithms, utilities, and underlying
optimization primitives.
• Oozie: Oozie is a workflow scheduler system for managing
Hadoop jobs that specializes in running workflow jobs with
actions that run Hadoop MapReduce and Pig jobs.
• Pig: Pig is a language developed by Yahoo that allows for
data flow and transformation operations on a Hadoop cluster.
• Ranger: Apache Ranger is a central security framework that
allows granular access control to Hadoop data access
components, such as Hive and HBase. Security
administrators manage policies that govern access to a wide
array of resources in an individual and/or group basis.
Additional capabilities include auditing, policy analytics, and
encryption.
• RStudio: RStudio is a free, open-source integrated
development environment (IDE) for the R programming
language that is used for statistical computing and graphics.
• Spark SQL: Spark SQL is a Spark module designed for
processing structured data. It includes the DataFrames
programming abstraction and can also act as a distributed
SQL query engine. This module can also read data from an
existing Hive installation.
• SparkR: This R package provides a lightweight front end for
using Spark from R.
White Paper: BlueData Software Architecture
Page 26
• Spark Streaming: Spark Streaming is an extension of the
core Spark API that enables fast, scalable, and fault-tolerant
processing of live data streams.
• Sqoop: Sqoop is a tool designed for efficiently transferring
bulk data between Hadoop and structured datastores, such as
relational databases. It facilitates importing data from a
relational database, such as MySQL or Oracle DB, into a
distributed filesystem like HDFS, transforming the data with
Hadoop MapReduce, and then exporting the result back into
an RDBMS.
• Sqoop 2: Sqoop 2 is a server-based tool designed to transfer
data between Hadoop and relational databases. You can use
Sqoop 2 to import data from a relational database
management system (REBMS) such as MySQL or Oracle into
the Hadoop Distributed File System (HDFS), transform the
data with Hadoop MapReduce, and then export it back into an
RDBMS.
• Zeppelin: Web-based Zeppelin notebooks allow interactive
data analytics by bringing data ingestion, exploration,
visualization, sharing, and collaboration features to Spark as
well as Hadoop.

White Paper: BlueData Software Architecture

www.bluedata.com © 2017 BlueData Page 27