Security for Ecosystem Components
Whether you install Data Fabric software by using the Installer or by using manual steps, the platform and its ecosystem components are installed with security ON by default.
Installer: Security with a Single Click
A single option in the Installer controls security for the platform and ecosystem components. The Enable MapR Secure Cluster option is checked by default for new installations.
Before starting a new installation, if you want to disable security for the platform and ecosystem components, you can deselect the Enable MapR Secure Cluster option. Later, after the cluster is installed, if you want to add or remove security, you can select or deselect the option during an Incremental Install operation. For more information, see Enable Data Fabric Secure Cluster.
Manual Installation: Security with configure.sh
When you install a Data Fabric cluster by using the manual
steps, you configure security on all nodes by using the
configure.sh script with the -secure -genkeys
options, as described
in Enabling Security on a New Cluster Installation.
Manual installation also creates a cluster that is secure by default. For individual ecosystem components, additional security measures are supported, depending on the component. See the notes in the following table.
Security and Ecosystem Components
| Component | Supports Secure by Default | Notes |
|---|---|---|
| AsynchHBase | N/A | Security is not applicable. This component acts as a library. |
| Data Access Gateway 2.0 | Yes | For more information, see Understanding the HPE Ezmeral Data Fabric Data Access Gateway. |
| Drill | Yes | For more information about Drill security, see Securing Drill. |
| HBase | Yes | For more information, see HBase Configuration Properties. |
| HBase REST / Thrift Gateway | Yes | For more information, see HBase REST Gateway and HBase Thrift Gateway Secured By Default to Use SSL. |
| Hive | Yes | For more information, see Hive Security. |
| Httpfs | Yes | For more information, see Configuring HttpFS. |
| Hue | Yes | For more information, see Configure Hue with Security. |
| Kafka-Connect | Yes | For more information, see Worker Configuration. |
| Kafka-REST | Yes | For more information, see User Impersonation and SSL Security Configuration. |
| KSQL | Yes | For more information, see KSQL Security. |
| Kafka Streams | No | For more information, see Kafka Streams Security. |
| Livy | Yes | For more information, see Configure Livy. |
| Data Fabric Installer | Yes | For more information, see Using the Enable MapR Secure Cluster Option and Using the Enable MapR DARE Option. |
| Pig | N/A | Security is not applicable. This component acts as a library. |
| Schema Registry | Yes | For more information, see Security Parameters. |
| Sentry | No | This component can be configured to run on a secure Data Fabric cluster. Security must be configured manually. |
| Spark | Yes | For more information, see Spark configure.sh. |
| Sqoop 1 | N/A | Security is not applicable. This component acts as a library. |
| Timeline Server | Yes | For more information, see Configuring the Timeline Server to Use the Hive-on-Tez User Interface. |
| Data Fabric Monitoring Components | ||
| collectd | Yes | Communicates over Data Fabric streams. See Spyglass on Streams. |
| ElasticSearch | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| FluentD | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| Grafana | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| Kibana | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| OpenTSDB | Yes | Communicates over Data Fabric streams. See Spyglass on Streams. |