1. HDP Security Administration Architecture

An HDP Security Administration deployment contains the following components:

  • HDP Security Administration server: A central location to manage all security policies for Hadoop clusters, including access control, auditing, and reporting. It also provides delegated administration features, so that administration of policies for specific data can be delegated to other users and groups.

  • User and Group Synchronizer: Synchronizes user and group information between a UNIX server and the HDP Security Administration server. Allows the UNIX system users on the host where the agent is installed to sign in to the Web UI with the same credentials they use on the local host.

  • Security Agent for HDFS: Enforces HDFS access control based on the policies managed on the HDP Security Administration server and provides audit and reporting for HDFS activity.

  • Security Agent for Hive: Enforces Hive (HiveServer2) access control based on the policies managed on the HDP Security Administration server and provides audit and reporting for Hive activity.

  • Security Agent for HBase: Enforces HBase access control (via Hive2 service) based on the policies managed on the HDP Security Administration server and provides audit and reporting for HBase activity. Install an agent on the HBase Master and all HBase Regional servers.

The following table shows the ports used by the HDP Security Administration tools:

 

Table 1.1. Server and Agent Ports

| Component | Listening Port | Connection to Port |
|---|---|---|
| HDP Security Administration server | 6080[a] (HTTP) | 3306 (JDBC/MySQL) |
| All Agents (HDFS, HBase and Hive) | | 6080* (HTTP) |
| User and Group Synchronization Agent | 5151[b] (Optional for remote Unix) | 3306 (JDBC/MySQL) |
| MySQL | 3306[c] | 3306 |

[a] Ensure agent hosts can connect to the HDP SA server on port 6080.

[b] Make sure the HDP Security Administration server can connect to port 5151 on the server where the Unix Synchronization Service is installed.

[c] The HDP Security Administration server and the agent servers should be able to connect to port 3306 on the server where MySQL is installed. The agents insert the audit logs directly into the database.
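
The connectivity requirements in Table 1.1 and its footnotes can be checked from each host before installation. The following script is an added example, not part of the HDP Security Administration tools; the host names are constructed placeholders, and the role names (server, agent, usersync, mysql) are labels chosen for this example.

```python
"""Reachability check for the flows in Table 1.1 (added example)."""
import socket
import sys

# Outbound TCP flows each role needs, taken from Table 1.1 and its footnotes.
# Tuples are (destination role, port, required).
FLOWS = {
    "server":   [("mysql", 3306, True),       # JDBC/MySQL
                 ("usersync", 5151, False)],  # footnote [b], optional remote Unix sync
    "agent":    [("server", 6080, True),      # footnote [a], HTTP to the server
                 ("mysql", 3306, True)],      # footnote [c], audit logs go straight to the DB
    "usersync": [("mysql", 3306, True)],      # JDBC/MySQL
}

# Constructed placeholder host names (assumption); replace with your own.
HOSTS = {"server": "hdpsa.example.internal",
         "mysql": "mysql.example.internal",
         "usersync": "usersync.example.internal"}


def probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolved
        return False


def check_role(role, hosts=HOSTS, flows=FLOWS, timeout=3.0):
    """Probe every flow for `role`; return (dest, port, required, reachable) rows."""
    return [(dest, port, required, probe(hosts[dest], port, timeout))
            for dest, port, required in flows[role]]


def main(argv):
    role = argv[1] if len(argv) > 1 else "agent"
    failed = False
    for dest, port, required, ok in check_role(role):
        status = "ok" if ok else ("FAIL" if required else "unreachable (optional)")
        print(f"{role} -> {dest}:{port:<5} {status}")
        failed |= required and not ok
    return 1 if failed else 0  # non-zero exit if a required flow is blocked


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it on each host with that host's role as the argument (`server`, `agent` or `usersync`). The same flow list can serve as the allow-list when writing host firewall rules, so that port 3306 accepts connections only from the server, agent and synchronizer hosts.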


