Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hadoop Security Query


Hadoop Security Query

New Contributor


When planning for securing a Hadoop cluster, what should be the steps to be performed in sequence? For example, we want to implement a complete security solution for Hadoop i.e. to kerberize our cluster for authentication, use knox for perimeter security, use ranger for authorisation and policy management and finally enable TDE.

Just wondering what should be the sequence of actions to be performed for this?



Re: Hadoop Security Query

Hi @Greenhorn Techie

Below are the five pillars for Enterprise security -

1. Administration

2. Authentication

3. Authorization

4. Audit

5. Data Protection

For each of above pillar hortonworks provides respective tools and components to implement and achieve desired goal.

Please visit below url for more details -

In addition - here is what i can pass handy -

1. Setup authentication using ldap/AD/freeIPA

2. Integrate HDP cluster [Ambari] with LDAP/AD

3. Integrate ecosystem tools [like HUE] with LDAP/AD

4. TEST running sample jobs

5. Implement kerberos

6. Enable/Integrate kerberos with Ambari and HDP services

7. Implement Ranger

8. Enable ecosystem[HDFS/HIVE/YARN/KNOX,etc..] plugins in ranger

10. Test sample jobs.

11. Test ranger audits.

Re: Hadoop Security Query

Expert Contributor

Hi, There is no specific sequence, but ideally Ranger would take care of TDE so both Ranger/TDE would go parallely . Knox can be enabled at any point when your cluster is ready to be consumed by external clients. Ideally for TDE you would need to plan ahead, before data is being moved into the cluster or data needs to be copied from non-EZ to EZ locations.

Don't have an account?
Coming from Hortonworks? Activate your account here