How to set up security with Apache Ranger and Apache Knox. This includes authorization, authentication, proxy, SSO, auditing, wire encryption, HDFS encryption, advanced options for Ambari, and securing credentials.
Configuring Proxy with Apache Knox
Set up the Apache Knox Gateway to proxy components. This includes configuring the Knox Gateway, auditing Gateway activity, configuring Gateway security, and configuring topology files (dynamically generated or manually created).
Configuring Authentication with Kerberos
Set up authentication with Kerberos to identify users and have that identity propagated throughout your cluster. This includes setting up SPNEGO, enabling Kerberos using Ambari, and configuring components for Kerberos.
Configuring Ambari Authentication with LDAP/AD
Configure LDAP or Active Directory (AD) external authentication for Ambari. You must set up LDAP user authentication, configure Ambari to use an LDAP/AD server, and synchronize LDAP users and groups.
Configuring Ranger Authentication with UNIX, LDAP, or AD
Configure the authentication method that determines who is allowed to log in to the Ranger web interface. The options are local Unix, AD, or LDAP.
Configuring Knox SSO
Configure all or some services to use Knox SSO (Single Sign-On) to authenticate users. With this configuration, unauthenticated users who try to access a service (e.g., Ambari, Atlas, etc.) are redirected to the Knox SSO login page for authentication.
Providing Authorization with Ranger
Configure Apache Ranger to provide authorization to your cluster users. Authorization defines user access rights to resources and the actions they can take. You can add resource services (e.g., HDFS, Hive, HBase, etc.) or tag services (Atlas) and add access policies to them.
Configuring Apache Ranger and Apache Solr to collect audits: access history and reporting data.
Configuring Wire Encryption
Configure SSL/TLS to protect data as it moves into, through, and out of a Hadoop cluster over RPC, HTTP, Data Transfer Protocol (DTP), and JDBC.
Configuring Advanced Security Options for Ambari
Several security options for an Ambari-monitored-and-managed Hadoop cluster.
Configuring HDFS Encryption
Implement end-to-end encryption of data read from and written to HDFS. End-to-end encryption means that data is encrypted and decrypted only by the client. This includes configuring the Ranger KMS, HDFS encryption, and running datanodes as non-root.