Apache Storm and Kafka Boston Storm User Group

Apache Storm and Kafka Boston Storm User Group September 25, 2014 P. Taylor Goetz, Hortonworks @ptgoetz

What is Apache Kafka?

A pub/sub messaging system. Re-imagined as a distributed commit log.

Apache Kafka Fast “A single Kafka broker can handle hundreds of megabytes of reads and writes per second from thousands of clients. ” http: //kafka. apache. org

Apache Kafka Scalable “Kafka is designed to allow a single cluster to serve as the central data backbone for a large organization. It can be elastically and transparently expanded without downtime. ” http: //kafka. apache. org

Apache Kafka Durable “Messages are persisted on disk and replicated within the cluster to prevent data loss. Each broker can handle terabytes of messages without performance impact. ” http: //kafka. apache. org

Apache Kafka Distributed “Kafka has a modern cluster-centric design that offers strong durability and fault-tolerance guarantees. ” http: //kafka. apache. org

Apache Kafka: Use Cases • Stream Processing • Messaging • Click Streams • Metrics Collection and Monitoring • Log Aggregation

Apache Kafka: Use Cases • Greek letter architectures • Which are really just streaming design patterns

Apache Kafka: Under the Hood Producers/Consumers (Publish-Subscribe)

Apache Kafka: Under the Hood Producers write data to Brokers Consumers read data from Brokers This work is distributed across the cluster

Apache Kafka: Under the Hood Data is stored in topics. Topics are divided into partitions. Partitions are replicated.

Apache Kafka: Under the Hood Topics are named feeds to which messages are published. http: //kafka. apache. org/documentation. html

Apache Kafka: Under the Hood Topics consist of partitions. http: //kafka. apache. org/documentation. html

Apache Kafka: Under the Hood A partition is an ordered and immutable sequence of messages that is continually appended to. http: //kafka. apache. org/documentation. html

Apache Kafka: Under the Hood A partition is an ordered, immutable sequence of messages that is continually appended to. http: //kafka. apache. org/documentation. html

Apache Kafka: Under the Hood Sequential disk access can be faster than RAM! http: //kafka. apache. org/documentation. html

Apache Kafka: Under the Hood Within a partition, each message is assigned a unique ID called an offset that identifies it. http: //kafka. apache. org/documentation. html

Apache Kafka: Under the Hood Zoo. Keeper is used to store cluster state information and consumer offsets. http: //kafka. apache. org/documentation. html

Storm and Kafka A match made in heaven.

Data Source Reliability • A data source is considered unreliable if there is no means to replay a previously-received message. • A data source is considered reliable if it can somehow replay a message if processing fails at any point. • A data source is considered durable if it can replay any message or set of messages given the necessary selection criteria.

Data Source Reliability • A data source is considered unreliable if there is no means to replay a previously-received message. • A data source is considered reliable if it can somehow replay a message if processing fails at any point. • A data source is considered durable if it can replay any message or set of messages given the necessary selection criteria. Kafka is a durable data source.

Reliability in Storm • Exactly once processing requires a durable data source. • At least once processing requires a reliable data source. • An unreliable data source can be wrapped to provide additional guarantees. • With durable and reliable sources, Storm will not drop data. • Common pattern: Back unreliable data sources with Apache Kafka (minor latency hit traded for 100% durability).

Storm and Kafka Apache Kafka is an ideal source for Storm topologies. It provides everything necessary for: • At most once processing • At least once processing • Exactly once processing Apache Storm includes Kafka spout implementations for all levels of reliability. Kafka Supports a wide variety of languages and integration points for both producers and consumers.

Storm-Kafka Integration • Included in Storm distribution since 0. 9. 2 • Core Storm Spout • Trident Spouts (Transactional and Opaque. Transactional)

Storm-Kafka Integration Features: • Ingest from Kafka • Configurable start time (offset position): • • Earliest, Latest, Last, Point-in-Time Write to Kafka (next release)

Use Cases

Core Storm Use Case Cisco Open Security Operations Center (Open. SOC)

Analyzing 1. 2 Million Network Packets Per Second in Real Time

O p e n S O C : Breaches occur in sec. /min. /hrs. , but take days/weeks/months to discover.

Data 3 V is not getting any smaller…

"Traditional Security analytics tools scale up, not out. ” "Open. SOC is a software application that turns a conventional big data platform into a security analytics platform. ” - James Sirota, Cisco Security Solutions https: //www. youtube. com/watch? v=b. QTZ 8 Og. Day. A

Open. SOC Conceptual Model

Open. SOC Architecture

PCAP Topology

Telemetry Enrichment Topology

Enrichment

Analytics Dashboards

Open. SOC Deployment @ Cisco

Trident Use Case Health Market Science Master Data Management

Health Market Science • “Master File” database of every healthcare practitioner in the U. S. • Kept up-to-date in near-real-time • Represents the “truth” at any point in time (“Golden Record”)

Health Market Science • Build products and services around the Master File • Leverage those services to gather new data and updates

Master Data Management

Data In

Data Out

MDM Pipeline

Polyglot Persistence Choose the right tool for the job.

Data Pipeline

Why Trident? • Aggregations and Joins • Bulk update of persistence layer (Micro-batches) • Throughput vs. Latency

Cassandra. Cql. State public void commit(Long txid) { Batch. Statement batch = new Batch. Statement(Type. LOGGED); batch. add. All(this. statements); client. Factory. get. Session(). execute(batch); } public void add. Statement(Statement statement) { this. statements. add(statement); } public Result. Set execute(Statement statement){ return client. Factory. get. Session(). execute(statement); }

Cassandra. Cql. State. Updater public void update. State(Cassandra. Cql. State state, List<Trident. Tuple> tuples, Trident. Collector collector) { for (Trident. Tuple tuple : tuples) { Statement statement = this. mapper. map(tuple); state. add. Statement(statement); } }

Mapper Implementation public Statement map(List<String> keys, Number value) { Insert statement = Query. Builder. insert. Into(KEYSPACE_NAME, TABLE_NAME); statement. value(KEY_NAME, keys. get(0)); statement. value(VALUE_NAME, value); return statement; } public Statement retrieve(List<String> keys) { Select statement = Query. Builder. select(). column(KEY_NAME). column(VALUE_NAME). from(KEYSPACE_NAME, TABLE_NAME). where(Query. Builder. eq(KEY_NAME, keys. get(0))); return statement; }

Storm Cassandra CQL {tuple} <— <mapper> —> CQL Statement Trident Batch == CQL Batch git@github. com: hmsonline/storm-cassandra-cql. git

Customer Dashboard

Thanks! P. Taylor Goetz, Hortonworks @ptgoetz