DOCSLIB.ORG

Securekeeper: Confidential Zookeeper Using Intel

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

SecureKeeper: Confidential ZooKeeper using Intel SGX Stefan Brenner Colin Wulf David Goltzsche TU Braunschweig, Germany TU Braunschweig, Germany TU Braunschweig, Germany [email protected] [email protected] [email protected] Nico Weichbrodt Matthias Lorenz Christof Fetzer TU Braunschweig, Germany TU Braunschweig, Germany TU Dresden, Germany [email protected] [email protected] [email protected] Peter Pietzuch Rüdiger Kapitza Imperial College London, UK TU Braunschweig, Germany [email protected] [email protected] ABSTRACT 1. INTRODUCTION Cloud computing, while ubiquitous, still suffers from trust Cloud computing has become ubiquitous due to its bene- issues, especially for applications managing sensitive data. fits to both cloud customers and providers [1]. Using public Third-party coordination services such as ZooKeeper and cloud resources, however, requires customers to fully trust Consul are fundamental building blocks for cloud applica- the provided software and hardware stacks as well as the tions, but are exposed to potentially sensitive application cloud administrators. This forms an inhibitor when sensi- data. Recently, hardware trust mechanisms such as Intel's tive data must be processed [2, 3]. Software Guard Extensions (SGX) offer trusted execution With Software Guard Extensions (SGX), Intel recently re- environments to shield application data from untrusted soft- leased a new technology [4] for addressing trust issues that ware, including the privileged Operating System (OS) and customers face when outsourcing services to off-site loca- hypervisors. Such hardware support suggests new options tions. Based on an instruction set extension, it allows the for securing third-party coordination services. creation of one or more trusted execution environments| We describe SecureKeeper, an enhanced version of the called enclaves|inside applications. Thereby, the plaintext ZooKeeper coordination service that uses SGX to pre- of enclave-protected data is only available for computation serve the confidentiality and basic integrity of ZooKeeper- inside the CPU, and it is encrypted as soon as the data leaves managed data. SecureKeeper uses multiple small enclaves the CPU. This way enclave-residing data is even guarded to ensure that (i) user-provided data in ZooKeeper is al- against unauthorized accesses by higher privileged code and ways kept encrypted while not residing inside an enclave, attackers with administrative rights and physical access. and (ii) essential processing steps that demand plaintext ac- While enclaves were originally designed to host tailored cess can still be performed securely. SecureKeeper limits code for specific tasks, e.g. digital rights or password man- the required changes to the ZooKeeper code base and re- agement [5], Baumann et al. [6] proposed Haven that ex- lies on Java's native code support for accessing enclaves. ecutes unmodified legacy Windows applications inside en- With an overhead of 11%, the performance of SecureKeeper claves. These application enclaves are convenient for secur- with SGX is comparable to ZooKeeper with secure commu- ing entire legacy applications but have two significant draw- nication, while providing much stronger security guarantees backs: (i) current SGX-capable CPUs restrict the maximum with a minimal trusted code base of a few thousand lines of memory footprint of all enclaves to 128 MB. If an applica- code. tion has a larger memory footprint, an SGX-specific form of in-memory paging between trusted and untrusted memory is required, which requires costly re-encryption of enclave CCS Concepts pages with a substantial performance overhead; and (ii) by •Security and privacy ! Distributed systems security; placing whole applications and associated system support in- side an enclave, the resulting large trusted code base (TCB) poses a risk of including security relevant vulnerabilities [7]. Keywords Based on these observations, we argue that application Cloud Computing, Intel SGX, Apache ZooKeeper enclaves that contain entire applications are a poor fit for legacy services if tailored solutions are easy to implement Permission to make digital or hard copies of all or part of this work for personal or and integrate. In particular, this applies to existing data- classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation handling services that receive, store and return data on be- on the first page. Copyrights for components of this work owned by others than the half of clients while performing limited data processing. Ex- author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or amples include simple key-value stores [8], web servers [9{ republish, to post on servers or to redistribute to lists, requires prior specific permission 11], and, as highlighted in this paper, coordination services and/or a fee. Request permissions from [email protected]. such as ZooKeeper [12]. For such services, data confiden- Middleware’16, December 12 - 16, 2016, Trento, Italy tiality and basic integrity can be preserved using small spe- © 2016 Copyright held by the owner/author(s). Publication rights licensed to ACM. ISBN 978-1-4503-4300-8/16/12. $15.00 cialized enclaves, which can be integrated with the original DOI: http://dx.doi.org/10.1145/2988336.2988350 code base with only few changes. © ACM, 2016. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the proceedings of the 17th ACM Middleware conference (2016). http://dx.doi.org/10.1145/2988336.2988350 ZooKeeper is a crucial building block for many distributed Agreement Agreement applications, e.g. used as naming service, for configuration Replica1 Replica2 Replica3,L Replica4 Replica5 management, general message exchange and coordination tasks. It therefore manages sensitive application informa- Client1 Client2 Client3 Client4 Client5 Client6 Client7 Client8 tion, i.e., including access tokens and credentials when used Figure 1: General architecture of ZooKeeper. for configuration management. Albeit typically not user fac- ing, ZooKeeper constitutes a key component in public cloud infrastructures that must be secured against attacks, espe- guarantees and limitations in Section 7. Finally, we discuss cially data theft carried out by insiders. related work in Section 8 and draw conclusions in Section 9. As a data-handling service, ZooKeeper features a simple file system like API, with some data processing functional- 2. BACKGROUND ity. Thus, data managed by ZooKeeper can be processed in To motivate the design of SecureKeeper, we first give a an encrypted state most of the time and only occasionally brief introduction to Apache ZooKeeper thereby discussing plaintext access is necessary. This functionality needs to be its nature as a data-handling service, second we provide factored out and executed under the protection of SGX. In essential details of SGX and finally outline an SGX-aware contrast to application enclaves, this way all data handling threat model. code that does not perform data processing is removed from the TCB. For ZooKeeper, this includes the entire Operating 2.1 Data handling in Apache ZooKeeper System (OS), the Java runtime environment as well as most Apache ZooKeeper [12] is a coordination service, allowing of the original service implementation itself. Furthermore, distributed applications the easy implementation of coordi- as data stays encrypted most of the time, it can be stored nation primitives. Such primitives may be naming, configu- outside of enclaves, only adding to the memory footprint ration management, leader election, group membership, bar- of the enclave when required. This leads to substantially riers and distributed locks. This exposes ZooKeeper to han- smaller enclaves, staying within the bounds of the 128 MB dle potentially sensitive application data, especially when limit of total enclave memory resulting in good performance. used for distributed configuration management. We describe SecureKeeper, an SGX-based ZooKeeper As shown in Figure 1, ZooKeeper is implemented as a extension that demonstrates how a complex data-handling fault-tolerant service, typically featuring at least three repli- service can be secured using SGX. SecureKeeper preserves cas. Clients connect to one of these and switch over to an- confidentiality and provides basic integrity of service data, other in case it crashes. ZooKeeper-managed data is orga- even against privileged code and attackers with physical nized hierarchically as a tree that is accessed via a simple file access. These security guarantees are enforced through a system like Application Progamming Interface (API). This minimally-invasive integration of two enclave types: (i) an data tree is composed of znodes, resembling a mixture of entry enclave is instantiated for each client and responsible folders and files: znodes can have payload data and other for protecting the client-replica connection and the data se- child znodes at the same time. curity of the ZooKeeper data store; (ii) a counter enclave is ZooKeeper globally orders all write requests via the leader instantiated only once at the leader replica of the ZooKeeper replica (marked L in Figure 1) using the ZAB [14] agreement cluster, and handles special write requests of sequential no- protocol. Additionally, ZooKeeper
Recommended publications
  • Scalable Cloud Computing

    Scalable Cloud Computing

    Scalable Cloud Computing Keijo Heljanko Department of Computer Science and Engineering School of Science Aalto University [email protected] 2.10-2013 Mobile Cloud Computing - Keijo Heljanko (keijo.heljanko@aalto.fi) 1/57 Guest Lecturer I Guest Lecturer: Assoc. Prof. Keijo Heljanko, Department of Computer Science and Engineering, Aalto University, I Email: [email protected] I Homepage: https://people.aalto.fi/keijo_heljanko I For more info into today’s topic, attend the course: “T-79.5308 Scalable Cloud Computing” Mobile Cloud Computing - Keijo Heljanko (keijo.heljanko@aalto.fi) 2/57 Business Drivers of Cloud Computing I Large data centers allow for economics of scale I Cheaper hardware purchases I Cheaper cooling of hardware I Example: Google paid 40 MEur for a Summa paper mill site in Hamina, Finland: Data center cooled with sea water from the Baltic Sea I Cheaper electricity I Cheaper network capacity I Smaller number of administrators / computer I Unreliable commodity hardware is used I Reliability obtained by replication of hardware components and a combined with a fault tolerant software stack Mobile Cloud Computing - Keijo Heljanko (keijo.heljanko@aalto.fi) 3/57 Cloud Computing Technologies A collection of technologies aimed to provide elastic “pay as you go” computing I Virtualization of computing resources: Amazon EC2, Eucalyptus, OpenNebula, Open Stack Compute, . I Scalable file storage: Amazon S3, GFS, HDFS, . I Scalable batch processing: Google MapReduce, Apache Hadoop, PACT, Microsoft Dryad, Google Pregel, Spark, ::: I Scalable datastore: Amazon Dynamo, Apache Cassandra, Google Bigtable, HBase,. I Distributed Coordination: Google Chubby, Apache Zookeeper, . I Scalable Web applications hosting: Google App Engine, Microsoft Azure, Heroku, .
  • Zookeeper Administrator's Guide

    Zookeeper Administrator's Guide

    ZooKeeper Administrator's Guide A Guide to Deployment and Administration by Table of contents 1 Deployment........................................................................................................................ 2 1.1 System Requirements....................................................................................................2 1.2 Clustered (Multi-Server) Setup.....................................................................................2 1.3 Single Server and Developer Setup..............................................................................4 2 Administration.................................................................................................................... 4 2.1 Designing a ZooKeeper Deployment........................................................................... 5 2.2 Provisioning.................................................................................................................. 6 2.3 Things to Consider: ZooKeeper Strengths and Limitations..........................................6 2.4 Administering................................................................................................................6 2.5 Maintenance.................................................................................................................. 6 2.6 Supervision....................................................................................................................7 2.7 Monitoring.....................................................................................................................8
  • Talend Open Studio for Big Data Release Notes

    Talend Open Studio for Big Data Release Notes

    Talend Open Studio for Big Data Release Notes 6.0.0 Talend Open Studio for Big Data Adapted for v6.0.0. Supersedes previous releases. Publication date July 2, 2015 Copyleft This documentation is provided under the terms of the Creative Commons Public License (CCPL). For more information about what you can and cannot do with this documentation in accordance with the CCPL, please read: http://creativecommons.org/licenses/by-nc-sa/2.0/ Notices Talend is a trademark of Talend, Inc. All brands, product names, company names, trademarks and service marks are the properties of their respective owners. License Agreement The software described in this documentation is licensed under the Apache License, Version 2.0 (the "License"); you may not use this software except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.html. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. This product includes software developed at AOP Alliance (Java/J2EE AOP standards), ASM, Amazon, AntlR, Apache ActiveMQ, Apache Ant, Apache Avro, Apache Axiom, Apache Axis, Apache Axis 2, Apache Batik, Apache CXF, Apache Cassandra, Apache Chemistry, Apache Common Http Client, Apache Common Http Core, Apache Commons, Apache Commons Bcel, Apache Commons JxPath, Apache
  • HDP 3.1.4 Release Notes Date of Publish: 2019-08-26

    HDP 3.1.4 Release Notes Date of Publish: 2019-08-26

    Release Notes 3 HDP 3.1.4 Release Notes Date of Publish: 2019-08-26 https://docs.hortonworks.com Release Notes | Contents | ii Contents HDP 3.1.4 Release Notes..........................................................................................4 Component Versions.................................................................................................4 Descriptions of New Features..................................................................................5 Deprecation Notices.................................................................................................. 6 Terminology.......................................................................................................................................................... 6 Removed Components and Product Capabilities.................................................................................................6 Testing Unsupported Features................................................................................ 6 Descriptions of the Latest Technical Preview Features.......................................................................................7 Upgrading to HDP 3.1.4...........................................................................................7 Behavioral Changes.................................................................................................. 7 Apache Patch Information.....................................................................................11 Accumulo...........................................................................................................................................................
  • Analysis and Detection of Anomalies in Mobile Devices

    Analysis and Detection of Anomalies in Mobile Devices

    Master’s Degree in Informatics Engineering Dissertation Final Report Analysis and detection of anomalies in mobile devices António Carlos Lagarto Cabral Bastos de Lima [email protected] Supervisor: Prof. Dr. Tiago Cruz Co-Supervisor: Prof. Dr. Paulo Simões Date: September 1, 2017 Master’s Degree in Informatics Engineering Dissertation Final Report Analysis and detection of anomalies in mobile devices António Carlos Lagarto Cabral Bastos de Lima [email protected] Supervisor: Prof. Dr. Tiago Cruz Co-Supervisor: Prof. Dr. Paulo Simões Date: September 1, 2017 i Acknowledgements I strongly believe that both nature and nurture playing an equal part in shaping an in- dividual, and that in the end, it is what you do with the gift of life that determines who you are. However, in order to achieve great things motivation alone might just not cut it, and that’s where surrounding yourself with people that want to watch you succeed and better yourself comes in. It makes the trip easier and more enjoyable, and there is a plethora of people that I want to acknowledge for coming this far. First of all, I’d like to thank professor Tiago Cruz for giving me the support, motivation and resources to work on this project. The idea itself started over one of our then semi- regular morning coffee conversations and from there it developed into a full-fledged concept quickly. But this acknowledgement doesn’t start there, it dates a few years back when I first had the pleasure of having him as my teacher in one of the introductory courses.
  • Open Source and Third Party Documentation

    Open Source and Third Party Documentation

    Open Source and Third Party Documentation Verint.com Twitter.com/verint Facebook.com/verint Blog.verint.com Content Introduction.....................2 Licenses..........................3 Page 1 Open Source Attribution Certain components of this Software or software contained in this Product (collectively, "Software") may be covered by so-called "free or open source" software licenses ("Open Source Components"), which includes any software licenses approved as open source licenses by the Open Source Initiative or any similar licenses, including without limitation any license that, as a condition of distribution of the Open Source Components licensed, requires that the distributor make the Open Source Components available in source code format. A license in each Open Source Component is provided to you in accordance with the specific license terms specified in their respective license terms. EXCEPT WITH REGARD TO ANY WARRANTIES OR OTHER RIGHTS AND OBLIGATIONS EXPRESSLY PROVIDED DIRECTLY TO YOU FROM VERINT, ALL OPEN SOURCE COMPONENTS ARE PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. Any third party technology that may be appropriate or necessary for use with the Verint Product is licensed to you only for use with the Verint Product under the terms of the third party license agreement specified in the Documentation, the Software or as provided online at http://verint.com/thirdpartylicense. You may not take any action that would separate the third party technology from the Verint Product. Unless otherwise permitted under the terms of the third party license agreement, you agree to only use the third party technology in conjunction with the Verint Product.
  • Hortonworks Data Platform Date of Publish: 2018-09-21

    Hortonworks Data Platform Date of Publish: 2018-09-21

    Release Notes 3 Hortonworks Data Platform Date of Publish: 2018-09-21 http://docs.hortonworks.com Contents HDP 3.0.1 Release Notes..........................................................................................3 Component Versions.............................................................................................................................................3 New Features........................................................................................................................................................ 3 Deprecation Notices..............................................................................................................................................4 Terminology.............................................................................................................................................. 4 Removed Components and Product Capabilities.....................................................................................4 Unsupported Features........................................................................................................................................... 4 Technical Preview Features......................................................................................................................4 Upgrading to HDP 3.0.1...................................................................................................................................... 5 Before you begin.....................................................................................................................................
  • Talend ESB Development Guide

    Talend ESB Development Guide

    Talend ESB Development Guide 7.0.1 Talend ESB Adapted for v7.0.1. Supersedes previous releases. Publication date: April 13, 2018 Copyright © 2018 Talend Inc. All rights reserved. Copyleft This documentation is provided under the terms of the Creative Commons Public License (CCPL). For more information about what you can and cannot do with this documentation in accordance with the CCPL, please read: http://creativecommons.org/licenses/by-nc-sa/2.0/ This document may include documentation produced at The Apache Software Foundation which is licensed under The Apache License 2.0. Notices Talend and Talend ESB are trademarks of Talend, Inc. Apache CXF, CXF, Apache Karaf, Karaf, Apache Cellar, Cellar, Apache Camel, Camel, Apache Maven, Maven, Apache Archiva, Archiva, Apache Syncope, Syncope, Apache ActiveMQ, ActiveMQ, Apache Log4j, Log4j, Apache Felix, Felix, Apache ServiceMix, ServiceMix, Apache Ant, Ant, Apache Derby, Derby, Apache Tomcat, Tomcat, Apache ZooKeeper, ZooKeeper, Apache Jackrabbit, Jackrabbit, Apache Santuario, Santuario, Apache DS, DS, Apache Avro, Avro, Apache Abdera, Abdera, Apache Chemistry, Chemistry, Apache CouchDB, CouchDB, Apache Kafka, Kafka, Apache Lucene, Lucene, Apache MINA, MINA, Apache Velocity, Velocity, Apache FOP, FOP, Apache HBase, HBase, Apache Hadoop, Hadoop, Apache Shiro, Shiro, Apache Axiom, Axiom, Apache Neethi, Neethi, Apache WSS4J, WSS4J are trademarks of The Apache Foundation. Eclipse Equinox is a trademark of the Eclipse Foundation, Inc. SoapUI is a trademark of SmartBear Software. Hyperic is a trademark
  • Technology Overview

    Technology Overview

    Big Data Technology Overview Term Description See Also Big Data - the 5 Vs Everyone Must Volume, velocity and variety. And some expand the definition further to include veracity 3 Vs Know and value as well. 5 Vs of Big Data From Wikipedia, “Agile software development is a group of software development methods based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams. Agile The Agile Manifesto It promotes adaptive planning, evolutionary development and delivery, a time-boxed iterative approach, and encourages rapid and flexible response to change. It is a conceptual framework that promotes foreseen tight iterations throughout the development cycle.” A data serialization system. From Wikepedia, Avro Apache Avro “It is a remote procedure call and serialization framework developed within Apache's Hadoop project. It uses JSON for defining data types and protocols, and serializes data in a compact binary format.” BigInsights Enterprise Edition provides a spreadsheet-like data analysis tool to help Big Insights IBM Infosphere Biginsights organizations store, manage, and analyze big data. A scalable multi-master database with no single points of failure. Cassandra Apache Cassandra It provides scalability and high availability without compromising performance. Cloudera Inc. is an American-based software company that provides Apache Hadoop- Cloudera Cloudera based software, support and services, and training to business customers. Wikipedia - Data Science Data science The study of the generalizable extraction of knowledge from data IBM - Data Scientist Coursera Big Data Technology Overview Term Description See Also Distributed system developed at Google for interactively querying large datasets. Dremel Dremel It empowers business analysts and makes it easy for business users to access the data Google Research rather than having to rely on data engineers.
  • Hadoop Programming Options

    Hadoop Programming Options

    "Web Age Speaks!" Webinar Series Hadoop Programming Options Introduction Mikhail Vladimirov Director, Curriculum Architecture [email protected] Web Age Solutions Providing a broad spectrum of regular and customized training classes in programming, system administration and architecture to our clients across the world for over ten years ©WebAgeSolutions.com 2 Overview of Talk Hadoop Overview Hadoop Analytics Systems HDFS and MapReduce v1 & v2 (YARN) Hive Sqoop ©WebAgeSolutions.com 3 Hadoop Programming Options Hadoop Ecosystem Hadoop Hadoop is a distributed fault-tolerant computing platform written in Java Modeled after shared-nothing, massively parallel processing (MPP) system design Hadoop's design was influenced by ideas published in Google File System (GFS) and MapReduce white papers Hadoop can be used as a data hub, data warehouse or an analytic platform ©WebAgeSolutions.com 5 Hadoop Core Components The Hadoop project is made up of three main components: Common • Contains Hadoop infrastructure elements (interfaces with HDFS, system libraries, RPC connectors, Hadoop admin scripts, etc.) Hadoop Distributed File System • Hadoop Distributed File System (HDFS) running on clusters of commodity hardware built around the concept: load once and read many times MapReduce • A distributed data processing framework used as data analysis system ©WebAgeSolutions.com 6 Hadoop Simple Definition In a nutshell, Hadoop is a distributed computing framework that consists of: Reliable data storage (provided via HDFS) Analysis system
  • Pentaho Metadata 7.1.0.0 Open Source Software Packages

    Pentaho Metadata 7.1.0.0 Open Source Software Packages

    Pentaho Metadata 7.1.0.0 Open Source Software Packages Contact Information: Project Manager Pentaho Metadata Hitachi Vantara Corporation 2535 Augustine Drive Santa Clara, California 95054 Name of Product/Product Component Version License [ini4j] 0.5.1 Apache License Version 2.0 A Java library for reading/writing Excel 2.5.7 LGPL 2.1 ActiveIO :: Core 3.1.4 Apache License Version 2.0 ActiveMQ :: Apache Karaf 5.10.0 Apache License Version 2.0 ActiveMQ :: Camel 5.10.0 Apache License Version 2.0 ActiveMQ :: OSGi bundle 5.10.0 Apache License Version 2.0 An open source Java toolkit for Amazon 0.9.0 Apache License Version 2.0 S3 Angular UI Router 0.3.0 angular.js.mit.v2 angular.js 1.2.15 angular.js.mit.v2 angular.js 1.5.8 angular.js.mit.v2 angular-animate-1.5.6 1.5.6 angular.js.mit.v2 Name of Product/Product Component Version License angular-route 1.5.6 angular.js.mit.v2 angular-sanitize-1.5.6 1.5.6 angular.js.mit.v2 angular-translate 2.3.0 angular.js.mit.v2 angular-translate-2.12.1 2.12.1 angular.bootstrap.mit.v2 angular-translate-2.12.1 2.12.1 angular.js.mit.v2 AngularUI Bootstrap 0.6.0 angular.bootstrap.mit.v2 AngularUI Bootstrap 1.3.3 angular.bootstrap.mit.v2 Annotation 1.0 1.1.1 Apache License Version 2.0 Annotation 1.1 1.0.1 Apache License Version 2.0 ANTLR 3 Complete 3.5.2 ANTLR License Antlr 3.4 Runtime 3.4 ANTLR License ANTLR, ANother Tool for Language 2.7.7 ANTLR License Recognition AOP Alliance (Java/J2EE AOP standard) 1.0 Public Domain Apache Ant Core 1.9.1 Apache License Version 2.0 Name of Product/Product Component Version License
  • Apache Zookeeper Essentials Kindle

    Apache Zookeeper Essentials Kindle

    APACHE ZOOKEEPER ESSENTIALS PDF, EPUB, EBOOK Saurav Haloi | 168 pages | 31 Jan 2015 | Packt Publishing Limited | 9781784391324 | English | Birmingham, United Kingdom Apache ZooKeeper Essentials PDF Book Graphs are used to model many kinds of data, like the Friends relationships between Facebook users. It is mandatory to procure user consent prior to running these cookies on your website. Flink leverages ZooKeeper for distributed coordination between all running JobManager instances. In order to run these large systems correctly and efficiently, processes within these systems should have some sort of agreement among themselves; this agreement is also known as distributed coordination. It is probably not running. Assumptions Reality The network is reliable In reality, the network or the interconnection among the components can fail due to internal errors in the system or due to external factors such as power failure. In order to identify a distributed system, here are the key characteristics that you need to look out for:. Checking the status of ZooKeeper when it has stopped or is not running will show the following result:. ZooKeeper is used for cluster messaging, service bootstrapping, and service coordination [1]. Structure can be projected onto data already in storage. The C-based ZooKeeper shell uses these libraries for its execution. Home Testing. Apache ZooKeeper provides a simple interface to a centralized coordinating service for distributed applications through a rich set of APIs and primitives, enabling developers to concentrate on the core logic of their applications. If you are running Confluent Server, by default it runs an HTTP server on port , which you can customize with the configuration parameter confluent.