Page1 © Hortonworks Inc. 2011 – 2015. All Rights Reserved
Securing Hadoop With Apache Ranger
Strategies & Best Practices
11 June 2015 – Hadoop Summit, San Jose
Presented by:
Selvamohan Neethiraj, Hortonworks
Velmurugan Periasamy, Hortonworks
Session overview
Secured by:
Speakers Introduction
Selvamohan Neethiraj
Senior Director, Enterprise Security Development, Hortonworks
Velmurugan Periasamy
Senior Technical Manager, Hortonworks
Agenda
• Current Hadoop Security
• What Ranger Brings
• Ranger Demo
• Best Practices
• Q & A
Universal Security Principles
• Authentication
– Who is the user?
• Authorization
– What can the user do?
• Auditing
– Record user’s activities
• Data Integrity
– It is what it is
• Confidentiality
– Restricted
How does Hadoop handle security?
• Authentication [Simple, Kerberos]
• Authorization [ACLs on files/folders]
• Auditing [audit log on hosts]
• Data Integrity [SSL communication]
• Confidentiality [TDE]
Security on Hadoop tool sets
• HDFS
• Hive
• HBase
• Knox
• Storm
• Oozie
• Spark
• Kafka
• Solr
• KMS
Example Access Scenario
[Diagram: each component authorizes and audits on its own]
• Users access an HDFS file/folder → HDFS checks its ACL → HDFS writes audit to the HDFS audit log
• Users access a Hive table → Hive authz check (Hive Authorization) → Hive writes audit to the Hive audit log
• Users access an HBase table → HBase authz check (HBase ACL) → HBase writes audit to the HBase audit log
Example Access Scenario with Ranger
[Diagram: centralized security policy management and auditing provided by Ranger]
• Users access an HDFS file/folder, a Hive table or an HBase table
• A Ranger plugin in each component (HDFS, Hive, HBase) enforces policies and writes audit
• Plugins download defined policies from the centralized policy store (Ranger Policy store)
• Plugins write to the centralized audit store (Ranger Audit store)
Core Ranger Features:
• Ranger 0.4.0
– Authorization support for HDFS, Hive, HBase, Knox, Storm
– Audit destination support for HDFS, DB
• Ranger 0.5.0 (Released yesterday!)
– Support for High Availability (HA)
– Support for Transparent Data Encryption with KMS implementation
– Support for more plugins (Yarn, Kafka, Solr)
– Solr as audit destination
– Stack based implementation of plugins
– Dynamic policies with many other attributes
– Internal permission model within Ranger Admin UI
– Tighter integration with Apache Ambari
Ranger: Centralized Policy Admin
Ranger Architecture
[Diagram]
• Ranger Policy Admin Server (with the Ranger Policy DB): security administrators define policies and audit user activity
• Ranger User Sync Server: syncs users from enterprise directory services
• Enterprise legacy systems: policy integration
• Enterprise users: authenticate and access data in Hadoop systems
• Ranger plugins (HDFS, Hive, HBase, Knox, Storm): sync policies, authorize the access and audit the activity
• Ranger Audit Store: plugins store audit activity here
Apache Ranger Summary
• Comprehensive security for Hadoop ecosystem
• Apache Incubator Project – 100% open source
• Centralized Administration of Security Policies
• Integration with HDFS, Hive, HBase, Knox, Storm, …
• Integration with more components coming
• Ensures consistent coverage across entire Hadoop stack
Ranger Implementation - components
Ranger policy admin server
• Central interface for security administration.
• Users can create and update policies, view audit activities, manage users.
Ranger user sync server
• Synchronization utility to pull users and groups from Unix or LDAP or Active Directory.
• User/group information is stored within Ranger admin policy DB and used for policy definition.
Ranger plugins
• Lightweight Java programs within Hadoop component.
• Pull in policies from policy admin server and store them locally in cache.
• Act as authorization module and evaluate user requests against security policies before granting access.
• Collect data from user request and store this data into the audit store.
Ranger Policy Admin Server
• Provides web interface to support Ranger activities
– Define repositories (resources to be authorized)
– Define access policies (specify which users/groups can access which resources)
– Manage users/groups
– Define auditing policies
– View/analyze audit data
• Runs embedded Tomcat server
• Supports LDAP/AD and Unix authentication
Ranger User/Group Sync Server
• Stand-alone Java server
• Retrieves users/groups from enterprise directories
• Creates these users/groups in Ranger DB for
– supporting policy definition
– allowing access to Ranger policy admin server
• Supports synchronization of users/groups from
– LDAP
– Active Directory
– Unix
Ranger Plugin – HDFS Integration
• HDFS Permissions
– POSIX-like permission model (owner/group for files and folders)
– ACLs for fine-grained permissions (for specific set of users/groups)
– hdfs dfs -getfacl [-R] <path>
– hdfs dfs -setfacl [-R] [options] <path>
– dfs.permissions.enabled must be set to true
Ranger Plugin – HDFS Integration
• Ranger plugin acts as an authorizer within the NameNode.
• Must be installed on all NameNodes (in an HA environment)
• User can define policies on files and folders
• Wildcards can be used to define policies (/finance/audit_*)
• Read, Write, Execute permissions are allowed
• Plugin evaluates HDFS requests and provides access
• If no specific Ranger policy exists, HDFS ACLs are used as fallback
Ranger Plugin – Hive Integration
• Hive facilitates querying and managing large datasets in distributed storage (on top of Hadoop)
• HiveServer2 (HS2) is a server interface to Hive
• HiveServer2 supports access control similar to the relational database model
– SELECT/UPDATE/DELETE permissions on tables/columns
– Permissions defined for USERS/ROLES
• Also provides a pluggable authorizer model
Ranger Plugin – Hive Integration
• Ranger plugin acts as authorization provider for HiveServer2
• User can define policies on databases, tables/views, columns and UDFs
• Select, Update, Create, Drop, Alter, Index, Lock permissions allowed
• Plugin evaluates Hive requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
• Specific Ranger policy must exist for gaining access
Ranger Plugin – Hive Integration
• When the user executes GRANT/REVOKE statements, the Hive plugin creates/deletes the necessary Ranger policies (provided the user has permission to create/delete policies)
– GRANT SELECT, UPDATE, ALTER ON TABLE test_data TO USER guest; ← will create a new Ranger policy
– REVOKE UPDATE, ALTER ON TABLE test_data FROM USER guest; ← will update/delete existing Ranger policy
• Also, a ROLE specified in the GRANT/REVOKE statements will be mapped to the corresponding GROUPS from your corporate directories
• Optionally, you can disable GRANT/REVOKE commands, i.e. force authorization policy management solely via Ranger Policy Admin
Ranger Plugin – HBase Integration
• HBase is a non-relational DB on top of Hadoop/HDFS
• HBase provides Role Based Access Control/ACLs
• ACLs are implemented as a coprocessor called AccessController
• Ranger implements a similar coprocessor for enforcing access control based on Ranger policies
Ranger Plugin – HBase Integration
• Ranger plugin is implemented as a coprocessor of HBase Master/Region Servers to enforce Ranger policies
• User can define policies on tables, column families and qualifiers
• Supports wildcards in defining policies (table = fin_*, col_fam = audit*)
• Read, Write, Create, Admin permissions allowed
• Plugin evaluates HBase requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
• Specific Ranger policy must exist for gaining access
Ranger Plugin – HBase Integration
• Similar to Hive, HBase also supports Grant/Revoke commands to manage access control from within the HBase shell.
• Ranger HBase plugin creates/updates Ranger policies to reflect permissions set via Grant/Revoke (from within HBase)
– grant 'bob', 'RWCA', 'test_data' ← will create a new Ranger policy
– grant 'bob', 'R', 'test_data' ← will update the Ranger policy created by the earlier grant
• Option to disable Grant/Revoke commands, i.e. to force authorization policy management solely via the Ranger Policy Admin tool
Ranger Plugin – Knox Integration
• Knox provides perimeter security for Hadoop REST API
– Authentication and token verification at the perimeter
– Authentication integration with enterprise and cloud identity management systems
– Service level authorization at the perimeter
• Single URL hierarchy that aggregates REST APIs of a Hadoop cluster
• Hadoop services with built-in support currently:
– WebHDFS, WebHCat, Oozie
– HBase, Hive, Yarn
Ranger Plugin – Knox Integration
• Knox provides service level authorization based on XML configuration.
• Ranger Knox plugin allows service level authorization enforcement via Ranger policies by acting as the authz provider within the Knox Gateway
• User can define policies on topologies and services
• Provide access to services based on user/group/IP address
– E.g. Finance group will have access to WebHDFS from 10.1.1.*
• Plugin evaluates Knox requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
Ranger Plugin – Storm Integration
• Storm is a distributed real-time computation system.
• Storm provides general primitives for real-time computation similar to how Hadoop provides general primitives for batch processing.
• Storm Topologies :: Hadoop MR Jobs
• Nimbus server (runs on master node) and Supervisor (runs on each worker node). Communication via ZooKeeper
• Storm security is implemented based on Kerberos authentication
Ranger Plugin – Storm Integration
• Ranger plugin acts as an authorizer within the Nimbus server
• Ranger plugin can then authorize all incoming requests based on the Ranger policies.
• User can define policies on topologies
• Permissions that can be set
– getClusterInfo, Submit/Get/Kill/Activate/Deactivate Topology
• Plugin evaluates Storm requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
Ranger Auditing
• Auditing is configured through policies (like authorization)
• Resource access audit supported with the following attributes
– User id, request type, repository, access resource, IP address, timestamp, access granted/denied
• Admin audit
– Changes to policies, login sessions and plugin monitoring
• Audit destination: HDFS and Solr are supported, along with custom Log4j based logging …
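Added example (not part of the original slides and not Ranger's own code): a simplified Python model of the plugin behaviour described on the integration and auditing slides. It shows wildcard policies, the HDFS fallback to native ACLs versus the Hive/Knox requirement that a policy exist, the Knox client-address condition, and an audit record carrying the attributes listed above. Assumptions: "no specific policy exists" is treated as "no policy grants this user, resource and permission"; the class and field names, the sample policies, the `sales` database, the `default/WEBHDFS` resource name and the `decided_by` field are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Repositories whose plugin falls back to the component's native check when no
# Ranger policy grants the request (HDFS, per the slides); all others deny.
NATIVE_FALLBACK = {"hdfs"}


@dataclass(frozen=True)
class Policy:
    repository: str            # "hdfs", "hive", "knox", ...
    resource: str              # wildcard pattern, e.g. "/finance/audit_*"
    permissions: frozenset     # e.g. frozenset({"read"})
    users: frozenset = frozenset()
    groups: frozenset = frozenset()
    ip_pattern: str = "*"      # Knox-style client address condition

    def grants(self, user, groups, resource, permission, client_ip):
        # fnmatch's "*" also matches "/", so a path pattern covers subpaths.
        return (fnmatchcase(resource, self.resource)
                and permission in self.permissions
                and (user in self.users or bool(self.groups & set(groups)))
                and fnmatchcase(client_ip, self.ip_pattern))


class Plugin:
    """Stand-in for a Ranger plugin embedded in one Hadoop component."""

    def __init__(self, repository, policy_store, native_check=None):
        self.repository = repository
        # "Download" this repository's policies into a local cache.
        self.cache = [p for p in policy_store if p.repository == repository]
        self.native_check = native_check
        self.audit_store = []   # stands in for the centralized audit store

    def authorize(self, user, groups, resource, permission, client_ip):
        if any(p.grants(user, groups, resource, permission, client_ip)
               for p in self.cache):
            granted, decided_by = True, "ranger-policy"
        elif self.repository in NATIVE_FALLBACK and self.native_check:
            granted = self.native_check(user, resource, permission)
            decided_by = "native-acl"
        else:
            granted, decided_by = False, "no-policy"
        # Audit attributes from the "Ranger Auditing" slide, plus decided_by.
        self.audit_store.append({
            "user": user, "request_type": permission,
            "repository": self.repository, "resource": resource,
            "client_ip": client_ip,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "granted": granted, "decided_by": decided_by,
        })
        return granted


# Constructed sample policies and native HDFS ACL entries.
POLICY_STORE = [
    Policy("hdfs", "/finance/audit_*", frozenset({"read"}),
           groups=frozenset({"auditors"})),
    Policy("hive", "sales.test_data", frozenset({"select"}),
           users=frozenset({"guest"})),
    Policy("knox", "default/WEBHDFS", frozenset({"allow"}),
           groups=frozenset({"finance"}), ip_pattern="10.1.1.*"),
]
HDFS_ACLS = {("/tmp/scratch", "bob"): {"read", "write"}}


def hdfs_acl_check(user, resource, permission):
    return permission in HDFS_ACLS.get((resource, user), set())


def run_scenarios():
    hdfs = Plugin("hdfs", POLICY_STORE, hdfs_acl_check)
    hive = Plugin("hive", POLICY_STORE)
    knox = Plugin("knox", POLICY_STORE)
    results = {
        "hdfs_policy": hdfs.authorize("alice", ["auditors"], "/finance/audit_2015", "read", "10.1.1.7"),
        "hdfs_fallback": hdfs.authorize("bob", ["dev"], "/tmp/scratch", "write", "10.1.1.8"),
        "hdfs_fallback_deny": hdfs.authorize("bob", ["dev"], "/finance/audit_2015", "read", "10.1.1.8"),
        "hive_policy": hive.authorize("guest", [], "sales.test_data", "select", "10.1.1.9"),
        "hive_no_policy": hive.authorize("guest", [], "sales.payroll", "select", "10.1.1.9"),
        "knox_inside": knox.authorize("carol", ["finance"], "default/WEBHDFS", "allow", "10.1.1.20"),
        "knox_outside": knox.authorize("carol", ["finance"], "default/WEBHDFS", "allow", "10.2.0.20"),
    }
    return results, hdfs.audit_store + hive.audit_store + knox.audit_store


if __name__ == "__main__":
    outcome, audit_records = run_scenarios()
    for name, granted in outcome.items():
        print(f"{name:20s} {'granted' if granted else 'denied'}")
    print(audit_records[-1])
```

The denied Hive and Knox requests still produce audit records, which is what lets an administrator see attempted access to resources that no policy covers.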
Ranger Demo
Strategies & Best practices
• Authentication Process
– Kerberos is a MUST
• Centralized Access Control & Auditing
– Use Ranger to define & enforce the security policies
• Enable wire encryption
• For confidential data, use Hadoop TDE for data encryption (at rest)
• Be aware of file permissions for keystore & Kerberos keytab
• Protect access to log files
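Added example (not from the original slides): one way to check the keystore and keytab file permissions mentioned above. It assumes each secret file should be accessible only by its owning service account (mode 0600 or stricter); a deployment that deliberately shares a keytab with a group would relax the group check. The file names and contents in `demo()` are constructed placeholders.

```python
import os
import stat
import tempfile


def audit_secret_file(path, expected_uid=None):
    """Return a list of findings for one keytab/keystore file (empty = OK)."""
    findings = []
    if os.path.islink(path):
        findings.append("path is a symlink; the checks apply to its target")
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # Any group or other bit means accounts besides the owner can reach it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"group/other permission bits set (mode {mode:04o})")
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    # A world-writable parent without the sticky bit lets anyone replace the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    pmode = stat.S_IMODE(parent.st_mode)
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        findings.append(f"parent directory is world-writable (mode {pmode:04o})")
    return findings


def demo():
    """Create constructed sample files in a temp directory and audit them."""
    samples = {"example.keytab": 0o644, "example.jceks": 0o600,
               "shared.keytab": 0o440}
    report = {}
    with tempfile.TemporaryDirectory() as workdir:
        for name, mode in samples.items():
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed placeholder, not a real secret")
            os.chmod(path, mode)
            report[name] = audit_secret_file(path, expected_uid=os.getuid())
    return report


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else findings)
```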
Ranger Resources
• Do NOT miss the BoF on Apache Ranger/Knox
• Interested in security?
– Join the Ranger community to strengthen Hadoop security!!
• Join and contribute!
– Apache Ranger website - http://ranger.incubator.apache.org/
– Ranger Wiki - https://cwiki.apache.org/confluence/display/RANGER/Index
References
• http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
• https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization
• http://hbase.apache.org/book/hbase.accesscontrol.configuration.html
• https://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html
• https://github.com/apache/storm/blob/master/SECURITY.md
Q & A
 
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkBig Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkDataWorks Summit
 

More from DataWorks Summit (20)

Data Science Crash Course
Data Science Crash CourseData Science Crash Course
Data Science Crash Course
 
Floating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache RatisFloating on a RAFT: HBase Durability with Apache Ratis
Floating on a RAFT: HBase Durability with Apache Ratis
 
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFiTracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
 
HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...HBase Tales From the Trenches - Short stories about most common HBase operati...
HBase Tales From the Trenches - Short stories about most common HBase operati...
 
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
 
Managing the Dewey Decimal System
Managing the Dewey Decimal SystemManaging the Dewey Decimal System
Managing the Dewey Decimal System
 
Practical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist ExamplePractical NoSQL: Accumulo's dirlist Example
Practical NoSQL: Accumulo's dirlist Example
 
HBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at UberHBase Global Indexing to support large-scale data ingestion at Uber
HBase Global Indexing to support large-scale data ingestion at Uber
 
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and PhoenixScaling Cloud-Scale Translytics Workloads with Omid and Phoenix
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFiBuilding the High Speed Cybersecurity Data Pipeline Using Apache NiFi
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability ImprovementsSupporting Apache HBase : Troubleshooting and Supportability Improvements
Supporting Apache HBase : Troubleshooting and Supportability Improvements
 
Security Framework for Multitenant Architecture
Security Framework for Multitenant ArchitectureSecurity Framework for Multitenant Architecture
Security Framework for Multitenant Architecture
 
Presto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything EnginePresto: Optimizing Performance of SQL-on-Anything Engine
Presto: Optimizing Performance of SQL-on-Anything Engine
 
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
 
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFiEvent-Driven Messaging and Actions using Apache Flink and Apache NiFi
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
 
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache RangerSecuring Data in Hybrid on-premise and Cloud Environments using Apache Ranger
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
 
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
 
Computer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near YouComputer Vision: Coming to a Store Near You
Computer Vision: Coming to a Store Near You
 
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache SparkBig Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
 

Recently uploaded

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 

Recently uploaded (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

Securing Hadoop with Apache Ranger

  • 1. Securing Hadoop With Apache Ranger: Strategies & Best Practices
      11 June 2015 – Hadoop Summit, San Jose
      Presented by: Selvamohan Neethiraj, Hortonworks; Velmurugan Periasamy, Hortonworks
      © Hortonworks Inc. 2011 – 2015. All Rights Reserved
  • 2. Session overview
      Secured by:
  • 3. Speakers Introduction
      • Selvamohan Neethiraj – Senior Director, Enterprise Security Development, HortonWorks
      • Velmurugan Periasamy – Senior Technical Manager, HortonWorks
  • 4. Agenda
      • Current Hadoop Security
      • What Ranger Brings
      • Ranger Demo
      • Best Practices
      • Q & A
  • 5. Universal Security Principles
      • Authentication – Who is the user?
      • Authorization – What can the user do?
      • Auditing – Record user’s activities
      • Data Integrity – It is what it is
      • Confidentiality – Restricted
  • 6. How Hadoop handles security?
      • Authentication [Simple, Kerberos]
      • Authorization [Acl on files/folders]
      • Auditing [audit log on hosts]
      • Data Integrity [SSL communication]
      • Confidentiality [TDE]
  • 7. Security on Hadoop tool sets
      • Hdfs
      • Hive
      • Hbase
      • Knox
      • Storm
      • Oozie
      • Spark
      • Kafka
      • Solr
      • KMS
  • 8. Agenda
      • Current Hadoop Security
      • What Ranger Brings
      • Ranger Demo
      • Best Practices
      • Q & A
  • 9. Example Access Scenario (diagram)
      • HDFS: users access HDFS file/folder → HDFS checks its ACL (HDFS ACL) → HDFS writes audit (HDFS audit log)
      • Hive: users access Hive table → Hive authz check (Hive Authorization) → Hive writes audit (Hive audit log)
      • HBase: users access Hbase table → Hbase authz check (HBase ACL) → HBase writes audit (Hbase audit log)
  • 10. Example Access Scenario with Ranger (diagram)
      • HDFS (HDFS ACL): users access HDFS file/folder → Ranger Plugin enforces policies and writes audit
      • Hive (Hive Authorization): users access Hive table → Ranger Plugin enforces policies and writes audit
      • HBase (HBase ACL): users access Hbase table → Ranger Plugin enforces policies and writes audit
      • Plugins download defined policies from the centralized policy store (Ranger Policy store)
      • Plugins write to the centralized audit store (Ranger Audit store)
      • Centralized Security Policy Management and Auditing provided by Ranger
  • 11. Core Ranger Features:
      • Ranger 0.4.0
          – Authorization Support for HDFS, Hive, HBase, Knox, Storm
          – Audit destination support for HDFS, DB
      • Ranger 0.5.0 (Released yesterday!)
          – Support for High Availability (HA)
          – Support for Transparent Data Encryption with KMS implementation
          – Support for more plugins (Yarn, Kafka, Solr)
          – Solr as audit destination
          – Stack based implementation of Plugins
          – Dynamic policies with many other attributes
          – Internal permission model within Ranger Admin UI
          – Tighter integration with Apache Ambari
  • 12. Ranger: Centralized Policy Admin
  • 13. Ranger Architecture (diagram)
      • Components: Ranger Policy Admin Server, Ranger User Sync Server, Ranger Policy DB, Ranger Audit Store, and Ranger Plugins for HDFS, Hive, HBase, Knox and Storm
      • Enterprise Directory Services: Sync Users
      • Security Administrators: Define Policies, Audit user activity
      • Enterprise Legacy Systems: Policy Integration
      • Enterprise Users: Authenticate, Access Data in Hadoop Systems
      • Ranger Plugins: Sync Policies, Authorize the Access & Audit the Activity, Store Audit Activity
  • 14. Apache Ranger Summary
      • Comprehensive security for Hadoop ecosystem
      • Apache Incubator Project – 100% open source
      • Centralized Administration of Security Policies
      • Integration with HDFS, Hive, Hbase, Knox, Storm, …
      • More components integration coming
      • Ensures consistent coverage across entire Hadoop stack
  • 15. Ranger Implementation - components
      • Ranger policy admin server
          – Central interface for security administration.
          – Users can create and update policies, view audit activities, manage users
      • Ranger user sync server
          – Synchronization utility to pull users and groups from Unix or LDAP or Active Directory.
          – User/group information is stored within Ranger admin policy DB and used for policy definition.
      • Ranger plugins
          – Lightweight Java programs within Hadoop component.
          – Pull in policies from policy admin server and store them locally in cache.
          – Act as Authorization module and evaluate user requests against security policies before granting access.
          – Collect data from user request and store this data into the audit store.
  • 16. Ranger Policy Admin Server
      • Provides web interface to support Ranger activities
          – Define repositories (resources to be authorized)
          – Define access policies (specify which users/groups can access which resources)
          – Manage users/groups
          – Define auditing policies
          – View/Analyze audit data
      • Runs an embedded Tomcat server
      • Supports LDAP/AD and Unix authentication
  • 17. Ranger User/Group Sync Server
      • Stand-alone Java server
      • Retrieves users/groups from enterprise directories
      • Creates these users/groups in Ranger DB for:
          – supporting policy definition
          – allowing access to Ranger policy admin server
      • Supports Synchronization of users/groups:
          – LDAP
          – Active Directory
          – Unix
  • 18. Ranger Plugin – HDFS Integration
      • HDFS Permissions
          – POSIX like permission model (owner/group for files and folders)
          – ACLs for fine-grained permissions (for specific set of users/groups)
              hdfs dfs -getfacl [-R] <path>
              hdfs dfs -setfacl [-R] [options] <path>
          – dfs.permissions.enabled must be set to true
  • 19. Ranger Plugin – HDFS Integration
      • Ranger Plugin acts as an authorizer within Namenode.
      • Needs to be installed on all name nodes (in HA environment)
      • User can define policies on files and folders
      • Use of wildcard to define policies (/finance/audit_*)
      • Read, Write, Execute permissions are allowed
      • Plugin evaluates HDFS requests and provides access
      • If no specific Ranger policy exists, HDFS ACLs are used as fallback
  • 20. Ranger Plugin – Hive Integration
      • Hive facilitates querying and managing large datasets in distributed storage (on top of Hadoop)
      • HiveServer2 (HS2) is a server interface to Hive
      • HiveServer2 supports Access Control similar to relational database model
          – SELECT/UPDATE/DELETE permissions on tables/columns
          – Permission defined for USERS/ROLES
      • Also provides a pluggable authorizer model
  • 21. Ranger Plugin – Hive Integration
      • Ranger Plugin acts as authorization provider for Hive Server2
      • User can define policies on databases, tables/view, columns and UDFs
      • Select, Update, Create, Drop, Alter, Index, Lock Permissions allowed
      • Plugin evaluates Hive requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
      • Specific Ranger policy must exist for gaining access
  • 22. Ranger Plugin – Hive Integration
      • When the user executes GRANT/REVOKE statements, the Hive plugin will create/delete the necessary Ranger policies (provided the user has permission to create/delete policies)
          – GRANT SELECT, UPDATE, ALTER ON TABLE test_data TO USER guest; ← will create a new Ranger policy
          – REVOKE UPDATE, ALTER ON TABLE test_data FROM USER guest; ← will update/delete existing Ranger policy
      • Also, a ROLE specified in the GRANT/REVOKE statements will be mapped to the corresponding GROUPS from your corporate directories
      • Optionally, you can disable GRANT/REVOKE commands, i.e. force authorization policy management solely via Ranger Policy Admin
  • 23. Ranger Plugin – HBase Integration
      • Hbase is a non-relational DB on top of Hadoop/HDFS
      • HBase Provides Role Based Access Control/ACLs
      • ACLs are implemented as a coprocessor called AccessController
      • Ranger implements a similar coprocessor for enforcing access control based on Ranger Policies
  • 24. Ranger Plugin – HBase Integration
      • Ranger Plugin is implemented as a coprocessor of HBase Master/Region Servers to enforce Ranger Policies
      • User can define policies on tables, column families and qualifiers
      • Supports wildcard in defining policies (table = fin_*, col_fam = audit*)
      • Read, Write, Create, Admin permissions allowed
      • Plugin evaluates Hbase requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
      • Specific Ranger policy must exist for gaining access
  • 25. Ranger Plugin – HBase Integration
      • Similar to Hive, Hbase also supports Grant/Revoke commands to manage access control from within Hbase shell.
      • Ranger HBase plug-in creates/updates Ranger policies to reflect permissions set via Grant/Revoke (from within Hbase)
          – grant 'bob', 'RWCA', 'test_data' ← will create a new Ranger policy
          – grant 'bob', 'R', 'test_data' ← will update the Ranger policy created by the earlier grant
      • Option to disable Grant/Revoke commands, i.e. force authorization policy management solely via the Ranger Policy Admin tool
  • 26. Ranger Plugin – Knox Integration
      • Knox provides perimeter security for Hadoop REST API
          – Authentication and token verification at the perimeter
          – Authentication integration with enterprise and cloud identity management systems
          – Service level authorization at the perimeter
      • Single URL hierarchy that aggregates REST APIs of a Hadoop cluster
      • Hadoop services with built-in support currently!
          – WebHDFS, WebHCat, Oozie
          – Hbase, Hive, Yarn
  • 27. Ranger Plugin – Knox Integration
      • Knox provides service level authorization based on xml configuration.
      • Ranger Knox Plugin will allow service level authorization enforcement via Ranger Policies by acting as Authz Provider within Knox Gateway
      • User can define policies on topologies and services
      • Provide access to services based on user/group/ip-address
          – E.g. Finance group will have access to WebHDFS from 10.1.1.*
      • Plugin evaluates Knox requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
  • 28. Ranger Plugin – Storm Integration
      • Storm is a distributed real-time computation system.
      • Storm provides general primitives for real-time computation similar to how Hadoop provides general primitives for batch processing.
      • Storm Topologies :: Hadoop MR Jobs
      • Nimbus server (runs on master node) and Supervisor (runs on each worker node). Communication via ZooKeeper
      • Storm security is implemented based on Kerberos authentication
  • 29. Ranger Plugin – Storm Integration
      • Ranger Plugin acts as an authorizer within Nimbus server
      • Ranger plugin then can authorize all incoming requests based on the Ranger Policies.
      • User can define policies on topologies
      • Permissions that can be set
          – getClusterInfo, Submit/Get/Kill/Activate/Deactivate Topology
      • Plugin evaluates Storm requests and grants/denies access based on the policies and creates necessary audit logs based on audit policies
  • 30. Ranger Auditing
      • Auditing is configured through policies (like authorization)
      • Resource access audit supported with following attributes
          – User id, request type, repository, access resource, IP address, timestamp, access granted/denied
      • Admin audit
          – Changes to policies, login sessions and plugin-monitoring
      • Audit Destination - HDFS, SOLR are supported, along with custom LOG4J based logging …
  • 31. Agenda
      • Current Hadoop Security
      • What Ranger Brings
      • Ranger Demo
      • Best Practices
      • Q & A
  • 32. Ranger Demo
  • 33. Agenda
      • Current Hadoop Security
      • What Ranger Brings
      • Ranger Demo
      • Best Practices
      • Q & A
  • 34. Strategies & Best practices
      • Authentication Process
          – Kerberos is a MUST
      • Centralized Access Control & Auditing
          – Use Ranger to define & enforce the security policies
      • Enable wire encryption
      • For confidential data, use Hadoop TDE for data encryption (at rest)
      • Be aware of file permissions for the keystore & Kerberos keytab
      • Protect access to log files
  • 35. Ranger Resources
      • Do NOT Miss BoF on Apache Ranger/Knox
      • Interested in Security? Join Ranger Community to strengthen Hadoop Security!!
      • Join and Contribute!
          – Apache Ranger website - http://ranger.incubator.apache.org/
          – Ranger Wiki - https://cwiki.apache.org/confluence/display/RANGER/Index
  • 36. References
      • http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
      • https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Authorization
      • http://hbase.apache.org/book/hbase.accesscontrol.configuration.html
      • https://knox.apache.org/books/knox-0-5-0/knox-0-5-0.html
      • https://github.com/apache/storm/blob/master/SECURITY.md
  • 37. Q & A
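
The decision flow described on slides 19, 21, 24 and 30 (wildcard policies held in a plugin's local cache, HDFS ACL fallback versus "a specific policy must exist" for Hive/HBase, and per-policy auditing), modelled in Python as an added example; it is not Ranger's code and not from the deck. The class and field names, the `enforcer` values and the sample data are assumptions, "no specific policy exists" is read as "no cached policy grants the request", and an audit record is written only when a policy covering the resource has auditing enabled.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from fnmatch import fnmatchcase
from typing import Callable, List, Optional, Sequence


@dataclass(frozen=True)
class Policy:
    """One access policy as cached by a plugin (hypothetical, simplified shape)."""
    resource: str                      # wildcard pattern, e.g. "/finance/audit_*"
    permissions: frozenset
    users: frozenset = frozenset()
    groups: frozenset = frozenset()
    audit: bool = True                 # auditing is switched on per policy

    def covers(self, resource: str) -> bool:
        return fnmatchcase(resource, self.resource)

    def grants(self, user: str, groups: Sequence[str], access: str) -> bool:
        who = user in self.users or bool(self.groups & frozenset(groups))
        return who and access in self.permissions


@dataclass
class Plugin:
    """Authorizer embedded in one component, holding a local policy cache."""
    repository: str
    policies: List[Policy]
    # HDFS only: the component's own ACL check, consulted when no policy grants.
    native_check: Optional[Callable[[str, str, str], bool]] = None
    audit_store: List[dict] = field(default_factory=list)

    def authorize(self, user, groups, resource, access, ip) -> bool:
        covering = [p for p in self.policies if p.covers(resource)]
        if any(p.grants(user, groups, access) for p in covering):
            allowed, enforcer = True, "ranger-policy"
        elif self.native_check is not None:
            # HDFS behaviour: fall back to the native ACL decision.
            allowed, enforcer = self.native_check(user, resource, access), "native-acl"
        else:
            # Hive/HBase behaviour: no granting policy means no access.
            allowed, enforcer = False, "ranger-policy"
        if any(p.audit for p in covering):
            # Attributes listed on the auditing slide, plus who made the decision.
            self.audit_store.append({
                "user": user,
                "request_type": access,
                "repository": self.repository,
                "resource": resource,
                "ip": ip,
                "timestamp": datetime.now(timezone.utc).isoformat(),
                "result": "granted" if allowed else "denied",
                "enforcer": enforcer,
            })
        return allowed


# Constructed sample data: native HDFS ACL entries as {(path, user): permissions}.
SAMPLE_HDFS_ACL = {("/tmp/scratch", "alice"): {"read", "write"}}


def hdfs_acl_check(user: str, path: str, access: str) -> bool:
    return access in SAMPLE_HDFS_ACL.get((path, user), set())


def run_scenario():
    """Run constructed requests through an HDFS plugin and a Hive plugin."""
    hdfs = Plugin(
        "hdfs",
        [Policy("/finance/audit_*", frozenset({"read", "write"}),
                groups=frozenset({"finance"}))],
        native_check=hdfs_acl_check,
    )
    hive = Plugin(
        "hive",
        [Policy("sales.test_data", frozenset({"select"}),
                users=frozenset({"guest"}))],
    )
    decisions = [
        # Granted by the wildcard policy for the finance group.
        hdfs.authorize("bob", ["finance"], "/finance/audit_2015", "read", "10.1.1.7"),
        # No policy covers the path: the native ACL decides, no audit record here.
        hdfs.authorize("alice", ["eng"], "/tmp/scratch", "write", "10.1.1.8"),
        # Policy covers the path but does not grant; the native ACL also refuses.
        hdfs.authorize("alice", ["eng"], "/finance/audit_2015", "read", "10.1.1.8"),
        # Hive: granted by a specific policy.
        hive.authorize("guest", [], "sales.test_data", "select", "10.1.1.9"),
        # Hive: no policy, so access is denied by default.
        hive.authorize("alice", ["eng"], "sales.payroll", "select", "10.1.1.8"),
    ]
    return decisions, hdfs.audit_store, hive.audit_store


if __name__ == "__main__":
    results, hdfs_audit, hive_audit = run_scenario()
    print(results)
    for record in hdfs_audit + hive_audit:
        print(record)
```

In this model, requests for resources that no policy covers leave no record in the central audit store, which is the gap to look for when reviewing policy coverage.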