Submit Search
Upload
Securing Hadoop with Apache Ranger
•
79 likes
•
20,700 views
DataWorks Summit
Follow
Hadoop Summit 2015
Read less
Read more
Technology
Report
Share
Report
Share
1 of 37
Recommended
Hadoop security
Hadoop security
Shivaji Dutta
Apache Ranger
Apache Ranger
Rommel Garcia
Apache Hadoop Security - Ranger
Apache Hadoop Security - Ranger
Isheeta Sanghi
Apache NiFi in the Hadoop Ecosystem
Apache NiFi in the Hadoop Ecosystem
DataWorks Summit/Hadoop Summit
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
Hive + Tez: A Performance Deep Dive
Hive + Tez: A Performance Deep Dive
DataWorks Summit
HBase and HDFS: Understanding FileSystem Usage in HBase
HBase and HDFS: Understanding FileSystem Usage in HBase
enissoz
Cassandra Introduction & Features
Cassandra Introduction & Features
DataStax Academy
Recommended
Hadoop security
Hadoop security
Shivaji Dutta
Apache Ranger
Apache Ranger
Rommel Garcia
Apache Hadoop Security - Ranger
Apache Hadoop Security - Ranger
Isheeta Sanghi
Apache NiFi in the Hadoop Ecosystem
Apache NiFi in the Hadoop Ecosystem
DataWorks Summit/Hadoop Summit
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
Hive + Tez: A Performance Deep Dive
Hive + Tez: A Performance Deep Dive
DataWorks Summit
HBase and HDFS: Understanding FileSystem Usage in HBase
HBase and HDFS: Understanding FileSystem Usage in HBase
enissoz
Cassandra Introduction & Features
Cassandra Introduction & Features
DataStax Academy
Dataflow with Apache NiFi
Dataflow with Apache NiFi
DataWorks Summit/Hadoop Summit
Apache Tez: Accelerating Hadoop Query Processing
Apache Tez: Accelerating Hadoop Query Processing
DataWorks Summit
Hadoop Security Architecture
Hadoop Security Architecture
Owen O'Malley
HBase Low Latency
HBase Low Latency
DataWorks Summit
Hadoop Security Today & Tomorrow with Apache Knox
Hadoop Security Today & Tomorrow with Apache Knox
Vinay Shukla
What's New in Apache Hive
What's New in Apache Hive
DataWorks Summit
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
mumrah
Hive 3 - a new horizon
Hive 3 - a new horizon
Thejas Nair
Intro to HBase
Intro to HBase
alexbaranau
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Flink Forward
Apache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data Processing
DataWorks Summit
Reduce Storage Costs by 5x Using The New HDFS Tiered Storage Feature
Reduce Storage Costs by 5x Using The New HDFS Tiered Storage Feature
DataWorks Summit
ORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big Data
DataWorks Summit
Overview of new features in Apache Ranger
Overview of new features in Apache Ranger
DataWorks Summit
Apache Tez - A unifying Framework for Hadoop Data Processing
Apache Tez - A unifying Framework for Hadoop Data Processing
DataWorks Summit
File Format Benchmark - Avro, JSON, ORC & Parquet
File Format Benchmark - Avro, JSON, ORC & Parquet
DataWorks Summit/Hadoop Summit
Managing your Hadoop Clusters with Apache Ambari
Managing your Hadoop Clusters with Apache Ambari
DataWorks Summit
Apache Kafka Best Practices
Apache Kafka Best Practices
DataWorks Summit/Hadoop Summit
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
DataWorks Summit
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
Stenio Ferreira
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
DataWorks Summit
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
huguk
More Related Content
What's hot
Dataflow with Apache NiFi
Dataflow with Apache NiFi
DataWorks Summit/Hadoop Summit
Apache Tez: Accelerating Hadoop Query Processing
Apache Tez: Accelerating Hadoop Query Processing
DataWorks Summit
Hadoop Security Architecture
Hadoop Security Architecture
Owen O'Malley
HBase Low Latency
HBase Low Latency
DataWorks Summit
Hadoop Security Today & Tomorrow with Apache Knox
Hadoop Security Today & Tomorrow with Apache Knox
Vinay Shukla
What's New in Apache Hive
What's New in Apache Hive
DataWorks Summit
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
mumrah
Hive 3 - a new horizon
Hive 3 - a new horizon
Thejas Nair
Intro to HBase
Intro to HBase
alexbaranau
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Flink Forward
Apache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data Processing
DataWorks Summit
Reduce Storage Costs by 5x Using The New HDFS Tiered Storage Feature
Reduce Storage Costs by 5x Using The New HDFS Tiered Storage Feature
DataWorks Summit
ORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big Data
DataWorks Summit
Overview of new features in Apache Ranger
Overview of new features in Apache Ranger
DataWorks Summit
Apache Tez - A unifying Framework for Hadoop Data Processing
Apache Tez - A unifying Framework for Hadoop Data Processing
DataWorks Summit
File Format Benchmark - Avro, JSON, ORC & Parquet
File Format Benchmark - Avro, JSON, ORC & Parquet
DataWorks Summit/Hadoop Summit
Managing your Hadoop Clusters with Apache Ambari
Managing your Hadoop Clusters with Apache Ambari
DataWorks Summit
Apache Kafka Best Practices
Apache Kafka Best Practices
DataWorks Summit/Hadoop Summit
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
DataWorks Summit
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
Stenio Ferreira
What's hot
(20)
Dataflow with Apache NiFi
Dataflow with Apache NiFi
Apache Tez: Accelerating Hadoop Query Processing
Apache Tez: Accelerating Hadoop Query Processing
Hadoop Security Architecture
Hadoop Security Architecture
HBase Low Latency
HBase Low Latency
Hadoop Security Today & Tomorrow with Apache Knox
Hadoop Security Today & Tomorrow with Apache Knox
What's New in Apache Hive
What's New in Apache Hive
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Introduction and Overview of Apache Kafka, TriHUG July 23, 2013
Hive 3 - a new horizon
Hive 3 - a new horizon
Intro to HBase
Intro to HBase
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Introducing BinarySortedMultiMap - A new Flink state primitive to boost your ...
Apache Tez - A New Chapter in Hadoop Data Processing
Apache Tez - A New Chapter in Hadoop Data Processing
Reduce Storage Costs by 5x Using The New HDFS Tiered Storage Feature
Reduce Storage Costs by 5x Using The New HDFS Tiered Storage Feature
ORC File - Optimizing Your Big Data
ORC File - Optimizing Your Big Data
Overview of new features in Apache Ranger
Overview of new features in Apache Ranger
Apache Tez - A unifying Framework for Hadoop Data Processing
Apache Tez - A unifying Framework for Hadoop Data Processing
File Format Benchmark - Avro, JSON, ORC & Parquet
File Format Benchmark - Avro, JSON, ORC & Parquet
Managing your Hadoop Clusters with Apache Ambari
Managing your Hadoop Clusters with Apache Ambari
Apache Kafka Best Practices
Apache Kafka Best Practices
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Apache Druid Auto Scale-out/in for Streaming Data Ingestion on Kubernetes
Vault Open Source vs Enterprise v2
Vault Open Source vs Enterprise v2
Similar to Securing Hadoop with Apache Ranger
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
DataWorks Summit
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
huguk
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
DataWorks Summit
Improvements in Hadoop Security
Improvements in Hadoop Security
DataWorks Summit
Security and Data Governance using Apache Ranger and Apache Atlas
Security and Data Governance using Apache Ranger and Apache Atlas
DataWorks Summit/Hadoop Summit
TriHUG October: Apache Ranger
TriHUG October: Apache Ranger
trihug
Improvements in Hadoop Security
Improvements in Hadoop Security
Chris Nauroth
Treat your enterprise data lake indigestion: Enterprise ready security and go...
Treat your enterprise data lake indigestion: Enterprise ready security and go...
DataWorks Summit
August 2014 HUG : Comprehensive Security for Hadoop
August 2014 HUG : Comprehensive Security for Hadoop
Yahoo Developer Network
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Seetharam Venkatesh
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
DataWorks Summit
Saving the elephant—now, not later
Saving the elephant—now, not later
DataWorks Summit
Building a data-driven authorization framework
Building a data-driven authorization framework
DataWorks Summit
August 2014 HUG : Hive 13 Security
August 2014 HUG : Hive 13 Security
Yahoo Developer Network
Is your Enterprise Data lake Metadata Driven AND Secure?
Is your Enterprise Data lake Metadata Driven AND Secure?
DataWorks Summit/Hadoop Summit
Classification based security in Hadoop
Classification based security in Hadoop
Madhan Neethiraj
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
Hortonworks
Atlas and ranger epam meetup
Atlas and ranger epam meetup
Alex Zeltov
Enterprise Data Classification and Provenance
Enterprise Data Classification and Provenance
DataWorks Summit/Hadoop Summit
Apache NiFi in the Hadoop Ecosystem
Apache NiFi in the Hadoop Ecosystem
Bryan Bende
Similar to Securing Hadoop with Apache Ranger
(20)
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
Improvements in Hadoop Security
Improvements in Hadoop Security
Security and Data Governance using Apache Ranger and Apache Atlas
Security and Data Governance using Apache Ranger and Apache Atlas
TriHUG October: Apache Ranger
TriHUG October: Apache Ranger
Improvements in Hadoop Security
Improvements in Hadoop Security
Treat your enterprise data lake indigestion: Enterprise ready security and go...
Treat your enterprise data lake indigestion: Enterprise ready security and go...
August 2014 HUG : Comprehensive Security for Hadoop
August 2014 HUG : Comprehensive Security for Hadoop
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
Saving the elephant—now, not later
Saving the elephant—now, not later
Building a data-driven authorization framework
Building a data-driven authorization framework
August 2014 HUG : Hive 13 Security
August 2014 HUG : Hive 13 Security
Is your Enterprise Data lake Metadata Driven AND Secure?
Is your Enterprise Data lake Metadata Driven AND Secure?
Classification based security in Hadoop
Classification based security in Hadoop
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
Simplify and Secure your Hadoop Environment with Hortonworks and Centrify
Atlas and ranger epam meetup
Atlas and ranger epam meetup
Enterprise Data Classification and Provenance
Enterprise Data Classification and Provenance
Apache NiFi in the Hadoop Ecosystem
Apache NiFi in the Hadoop Ecosystem
More from DataWorks Summit
Data Science Crash Course
Data Science Crash Course
DataWorks Summit
Floating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache Ratis
DataWorks Summit
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
DataWorks Summit
HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...
DataWorks Summit
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
DataWorks Summit
Managing the Dewey Decimal System
Managing the Dewey Decimal System
DataWorks Summit
Practical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist Example
DataWorks Summit
HBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at Uber
DataWorks Summit
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
DataWorks Summit
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
DataWorks Summit
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability Improvements
DataWorks Summit
Security Framework for Multitenant Architecture
Security Framework for Multitenant Architecture
DataWorks Summit
Presto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything Engine
DataWorks Summit
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
DataWorks Summit
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
DataWorks Summit
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
DataWorks Summit
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
DataWorks Summit
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
DataWorks Summit
Computer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near You
DataWorks Summit
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
DataWorks Summit
More from DataWorks Summit
(20)
Data Science Crash Course
Data Science Crash Course
Floating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache Ratis
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Managing the Dewey Decimal System
Managing the Dewey Decimal System
Practical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist Example
HBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at Uber
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Security Framework for Multitenant Architecture
Security Framework for Multitenant Architecture
Presto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything Engine
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Computer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near You
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Recently uploaded
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
apidays
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
MadyBayot
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Zilliz
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
rafiqahmad00786416
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
apidays
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Sandro Moreira
Recently uploaded
(20)
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
presentation ICT roal in 21st century education
presentation ICT roal in 21st century education
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
Securing Hadoop with Apache Ranger
1.
Page1 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Securing Hadoop With Apache Ranger Strategies & Best Practices 11 June 2015 – Hadoop Summit, San Jose Presented by: Selvamohan Neethiraj, Hortonworks Velmurugan Periasamy, Hortonworks
2.
Page2 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Session overview Secured by:
3.
Page3 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Speakers Introduction Selvamohan Neethiraj Senior Director, Enterprise Security Development, HortonWorks Velmurugan Periasamy Senior Technical Manager, HortonWorks
4.
Page4 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Agenda Current Hadoop Security What Ranger Brings Ranger Demo Best Practices Q & A
5.
Page5 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Universal Security Principles • Authentication – Who is the user? • Authorization – What can the user do? • Auditing – Record user’s activities • Data Integrity – It is what it is • Confidentiality – Restricted
6.
Page6 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved How Hadoop handles security? • Authentication [Simple, Kerberos] • Authorization [Acl on files/folders] • Auditing [audit log on hosts] • Data Integrity [SSL communication] • Confidentiality [TDE]
7.
Page7 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Security on Hadoop tool sets • Hdfs • Hive • Hbase • Knox • Storm • Oozie • Spark • Kafka • Solr • KMS
8.
Page8 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Agenda Current Hadoop Security What Ranger Brings Ranger Demo Best Practices Q & A
9.
Page9 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Example Access Scenario HDFS HDFS ACL HDFS audit log Users Access HDFS file/folder HDFS checks its ACL HDFS Writes audit Hive Hive Authoriza tion Hive audit log Hive authz check Hive Writes audit Access Hive table HBase HBase ACL Hbase audit log Hbase authz check HBase Writes audit Access Hbase table
10.
Page10 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Example Access Scenario with Ranger HDFS HDFS ACL Users Access HDFS file/folder Plugin Enforces policies And writes audit Hive Hive Authoriza tion Plugin Enforces policies And writes audit Plugins Write to Centralized Audit store Access Hive table HBase HBase ACL Plugin Enforces policies And writes audit Access Hbase table Ranger Policy store Ranger Audit store Ranger Plugin Ranger Plugin Ranger Plugin Plugins Download Defined Policies from Centralized Policy store Centralized Security Policy Management and Auditing provided by Ranger
11.
Page11 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Core Ranger Features: • Ranger 0.4.0 • Authorization Support for HDFS, Hive, HBase, Knox, Storm • Audit destination support for HDFS, DB • Ranger 0.5.0 (Released yesterday!) • Support for High Availability (HA) • Support for Transparent Data Encryption with KMS implementation • Support for more plugins (Yarn, Kafka, Solr) • Solr as audit destination • Stack based implementation of Plugins • Dynamic policies with many other attributes • Internal permission model within Ranger Admin UI • Tighter integration with Apache Ambari
12.
Page12 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger: Centralized Policy Admin
13.
Page13 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Architecture Ranger Policy Admin Server Ranger User Sync Server HDFS Ranger Plugin Enterprise Directory Services Sync Users Security Administrators Enterprise Users Define Policies Audit user activity Sync Users Enterprise Legacy Systems Policy Integration Access Data in Hadoop Systems Authenticate Ranger Plugins Authorize the Access & Audit the Activity Hive Ranger Plugin HBase Ranger Plugin Knox Ranger Plugin Storm Ranger Plugin Ranger Audit Store Sync Policies Store Audit Activity Ranger Policy DB
14.
Page14 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Apache Ranger Summary • Comprehensive security for Hadoop ecosystem • Apache Incubator Project – 100% open source • Centralized Administration of Security Policies • Integration with HDFS, Hive, Hbase, Knox, Storm, … • More components integration coming • Ensures consistent coverage across entire Hadoop stack
15.
Page15 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Implementation - components Central interface for security administration. Users can create and update policies, view audit activities, manage users Ranger policy admin server Synchronization utility to pull users and groups from Unix or LDAP or Active Directory. User/group information is stored within Ranger admin policy DB and used for policy definition. Ranger user sync server Lightweight Java programs within Hadoop component. Pull in policies from policy admin server and store them locally in cache. Act as Authorization module and evaluate user requests against security policies before granting access. Collect data from user request and store this data into the audit store. Ranger plugins
16.
Page16 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Policy Admin Server • Provides web interface to support ranger activities • Define repositories (resources to be authorized) • Define access policies (specify which users/groups can access to which resources) • Manage users/groups • Define auditing policies • View/Analyze audit data • Runs embedded tomcat server • Supports LDAP/AD and Unix authentication
17.
Page17 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger User/Group Sync Server • Stand-alone Java server • Retrieves users/groups from enterprise directories • Creates these users/groups in Ranger DB for.. • supporting policy definition • allowing access to Ranger policy admin server • Supports Synchronization of users/groups: • LDAP • Active Directory • Unix
18.
Page18 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – HDFS Integration • HDFS Permissions • POSIX like permission model (owner/group for files and folders) • ACL’s for fine-grained permissions (for specific set of users/groups) • hdfs dfs -getfacl [-R] <path> • hdfs dfs -setfacl [-R] [options] <path> • dfs.permissions.enabled must be set to true
19.
Page19 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – HDFS Integration • Ranger Plugin acts as an authorizer within Namenode. • Need to install in all name nodes (in HA environment) • User can define policies on files and folders • Use of wildcard to define policies (/finance/audit_*) • Read, Write, Execute permissions are allowed • Plugin evaluates HDFS requests and provide access • If no specific ranger policy exists, HDFS ACLs are used as fallback
20.
Page20 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – Hive Integration • Hive facilitates querying and managing large datasets in distributed storage (on top of Hadoop) • HiveServer2 (HS2) is a server interface to Hive • HiveServer2 supports Access Control similar to relational database model • SELECT/UPDATE/DELETE permissions on tables/columns • Permission defined for USERS/ROLES • Also provides a pluggable authorizer model
21.
Page21 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – Hive Integration • Ranger Plugin acts as authorization provider for Hive Server2 • User can define policies on databases, tables/view, columns and UDFs • Select, Update, Create, Drop, Alter, Index, Lock Permissions allowed • Plugin evaluates Hive requests and grants/denies access based on the policies and creates necessary audit logs based on audit • Specific Ranger policy must exist for gaining access
22.
Page22 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – Hive Integration • When the user executes GRANT/REVOKE statements, the hive plugin will creates/deletes necessary Ranger Policies (provided the user has permission to create/delete policies) • GRANT SELECT, UPDATE, ALTER ON TABLE test_data TO USER guest; ← will create a new Ranger policy • REVOKE UPDATE, ALTER ON TABLE test_data FROM USER guest; ← will update/delete existing Ranger policy • Also, ROLE specified in the GRANT/REVOKE statements will be mapped to corresponding GROUPS from your corporate directories • Optionally, you can disable GRANT/REVOKE commands i.e. to force authorization policies management solely via Ranger Policy Admin
23.
Page23 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – HBase Integration • Hbase is a non-relational DB on top of Hadoop/HDFS • HBase Provides Role Based Access Control/ACLs • ACLs are implemented as a coprocessor called AccessController • Ranger implements a similar coprocessor for enforcing access control based on Ranger Policies
24.
Page24 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – HBase Integration • Ranger Plugin is implemented as a coprocessor of HBase Master/Region Servers to enforce Ranger Policies • User can define policies on tables, column families and qualifiers • Supports wildcard in defining policies (table = fin_*, col_fam = audit*) • Read, Write, Create, Admin permissions allowed • Plugin evaluates Hbase requests and grants/denies access based on the policies and creates necessary audit logs based on audit • Specific ranger policy must exist for gaining access
25.
Page25 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – HBase Integration • Similar to Hive, Hbase also supports Grant/Revoke commands to manage access control from within Hbase shell. • Ranger HBase plug-in creates/updates Ranger policies to reflect permissions set via Grant/Revoke (from within Hbase) • grant ‘bob’, ‘RWCA’, ‘test_data’ ← will create a new Ranger policy • grant ‘bob’, ‘R’, ‘test_data’ ← will update the Ranger policy created by earlier grant; • Option to disable Grant/revoke commands i.e. to force authorization policies management solely via Ranger Policy Admin tool
26.
Page26 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – Knox Integration • Knox provides perimeter security for Hadoop REST API • Authentication and token verification at the perimeter • Authentication integration with enterprise and cloud identity management systems • Service level authorization at the perimeter • Single URL hierarchy that aggregates REST APIs of a Hadoop cluster • Hadoop services with built-in support currently! • WebHDFS, WebHCat, Oozie • Hbase, Hive, Yarn
27.
Page27 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – Knox Integration • Knox provides service level authorization based on xml configuration. • Ranger Knox Plugin will allow service level authorization enforcement via Ranger Policies by acting as Authz Provider within Knox Gateway • User can define policies on topologies and services • Provide access to services based on user/group/ip-address • E.g. Finance group will have access to WebHDFS from 10.1.1.* • Plugin evaluates Knox requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
28.
Page28 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – Storm Integration • Storm is a distributed real-time computation system. • Storm provides general primitives for real-time computation similar to how Hadoop provides general primitives for batch processing. • Storm Topologies :: Hadoop MR Jobs • Nimbus server (runs on master node) and Supervisor (runs on each worker node). Communication via ZooKeeper • Storm security is implemented based on Kerberos authentication
29.
Page29 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Plugin – Storm Integration • Ranger Plugin acts as an authorizer within Nimbus server • Ranger plugin then can authorize all incoming requests based on the Ranger Policies. • User can define policies on topologies • Permissions that can be set • getClusterInfo, Submit/Get/Kill/Activate/Deactivate Topology • Plugin evaluates Storm requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
30.
Page30 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Auditing • Auditing is configured through policies (like authorization) • Resource access audit supported with following attributes • User id, request type, repository, access resource, IP address, timestamp, access granted/denied • Admin audit • Changes to policies, login sessions and plugin-monitoring • Audit Destination - HDFS, SOLR are supported, along with custom LOG4J based logging …
31.
Page31 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Agenda Current Hadoop Security What Ranger Brings Ranger Demo Best Practices Q & A
32.
Page32 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Demo
33.
Page33 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Agenda Current Hadoop Security What Ranger Brings Ranger Demo Best Practices Q & A
34.
Page34 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Strategies & Best practices • Authentication Process • Kerberos is MUST • Centralized Access Control & Auditing • Use Ranger to define & enforce the security policies • Enable Wire encryption • For confidential data, use Hadoop TDE for data encryption (at rest) • Aware of file permission for keystore & kerberos keytab • Protect access to log files
35.
Page35 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Ranger Resources • Do NOT Miss BoF on Apache Ranger/Knox • Interested in Security ? -- Join Ranger Community to strengthen Hadoop Security!! • Join and Contribute! -- Apache Ranger website - http://ranger.incubator.apache.org/ -- Ranger Wiki - https://cwiki.apache.org/confluence/display/RANGER/Index
36.
Page36 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved References • http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop- hdfs/HdfsPermissionsGuide.html • https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization • http://hbase.apache.org/book/hbase.accesscontrol.configuration.html • https://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html • https://github.com/apache/storm/blob/master/SECURITY.md
37.
Page37 © Hortonworks
Inc. 2011 – 2015. All Rights Reserved Q & A Page 37