Understanding the Data Fabric Data Access Gateway

The Data Fabric Data Access Gateway is a service that acts as a proxy and gateway for translating requests between lightweight client applications and the data-fabric cluster.

For the MEP 5.0 release, the service is used by the HPE Ezmeral Data Fabric Database JSON REST API. Starting with the MEP 6.0 release, the service can be used by the Node.js, Python, C#, and Go OJAI clients. Beginning with the MEP 6.3.0 release, the service can be used by the Java OJAI thin client.

The OJAI clients that connect to the Data Access Gateway use gRPC, an open-source RPC framework, to expose the HPE Ezmeral Data Fabric Database OJAI API to the client. RPC message headers for individual messages are encoded using Protocol Buffers. The message payload is encoded using OJAI JSON encoding. Depending on whether your data-fabric cluster has security enabled, TLS is either enabled or disabled, by default, for the gRPC service. When TLS is enabled, the SSL provider is OpenSSL.

The service runs on nodes in your data-fabric cluster. You can install the service manually or by using the Installer. Both installation methods support upgrades of existing data-fabric clusters. When installing the service, you can decide the number of nodes on which to install the service. The number of nodes you need depends on your scalability requirements.

Regardless of your scalability requirements, you should install the service on at least two nodes to provide high availability. To load balance requests and to achieve high availability and failover, you must use an external load balancer. For recommendations and best practices when using an external load balancer with gRPC, see gRPC Load Balancing.

The service runs as user mapr. However, the service issues all data access calls on behalf of the user requesting the data. For example, if user john is running the client application, the service reads data using the authorization of john, not mapr.

All traffic between the Data Access Gateway and other data-fabric services is encrypted. This is done regardless of whether the underlying data-fabric file system volume has encryption enabled.

Warden manages the Data Fabric Data Access Gateway. It handles stopping and starting of the service during node failovers and also controls the amount of memory assigned to the service.