When planning for securing a Hadoop cluster, what should be the steps to be performed in sequence? For example, we want to implement a complete security solution for Hadoop i.e. to kerberize our cluster for authentication, use knox for perimeter security, use ranger for authorisation and policy management and finally enable TDE.
Just wondering what should be the sequence of actions to be performed for this?
Below are the five pillars for Enterprise security -
5. Data Protection
For each of above pillar hortonworks provides respective tools and components to implement and achieve desired goal.
Please visit below url for more details -
In addition - here is what i can pass handy -
1. Setup authentication using ldap/AD/freeIPA
2. Integrate HDP cluster [Ambari] with LDAP/AD
3. Integrate ecosystem tools [like HUE] with LDAP/AD
4. TEST running sample jobs
5. Implement kerberos
6. Enable/Integrate kerberos with Ambari and HDP services
7. Implement Ranger
8. Enable ecosystem[HDFS/HIVE/YARN/KNOX,etc..] plugins in ranger
10. Test sample jobs.
11. Test ranger audits.
Hi, There is no specific sequence, but ideally Ranger would take care of TDE so both Ranger/TDE would go parallely . Knox can be enabled at any point when your cluster is ready to be consumed by external clients. Ideally for TDE you would need to plan ahead, before data is being moved into the cluster or data needs to be copied from non-EZ to EZ locations.