About
This site contains documentation for HPE Ezmeral Runtime Enterprise, including installation, configuration, administration, and reference content, and information about related solutions. Examples of related solutions include HPE Ezmeral ML Ops and HPE Ezmeral Runtime Analytics for Apache Spark.
5.6 Reference
- HPE Ezmeral Runtime Enterprise 5.6
- Software Versions
- Kubernetes Bundles
  Kubernetes Bundles are software packages that can contain software to support newer Kubernetes versions, updated add-ons, and software fixes. Kubernetes Bundles enable you to update your deployment without requiring you to upgrade to a newer version of HPE Ezmeral Runtime Enterprise.
- Quick Links
- What's New in Version 5.6.x
  This topic summarizes the new features and important changes in HPE Ezmeral Runtime Enterprise 5.6.x compared to HPE Ezmeral Runtime Enterprise 5.5.x.
- Prepackaged Applications
- On-Premises, Hybrid, and Multi-Cloud Deployments
- Third-Party Licenses
- Universal Concepts
- Accessing HPE Ezmeral Runtime Enterprise Applications and Services
- Navigating the GUI
  Describes the screen layout of the HPE Ezmeral Runtime Enterprise graphical user interface (GUI).
- HPE Ezmeral ML Ops
  The topics in this section provide information about machine learning operations (ML Ops/MLOps) using HPE Ezmeral ML Ops in HPE Ezmeral Runtime Enterprise. (Not available with HPE Ezmeral Runtime Enterprise Essentials.)
- Spark on Kubernetes
  The topics in this section provide information about Apache Spark on Kubernetes in HPE Ezmeral Runtime Enterprise. (Not available with HPE Ezmeral Runtime Enterprise Essentials.)
- Kubernetes
- Platform Administration
  Tasks and reference information for Platform Adminstrators (Site Administrators) managing the HPE Ezmeral Runtime Enterprise deployment.
- HPE Ezmeral Data Fabric Introduction
  HPE Ezmeral Data Fabric is a platform for data-driven analytics, ML, and AI workloads. The patented file-system architecture was designed and built for performance, reliability, and scalability. HPE Ezmeral Runtime Enterprise supports multiple implementations of HPE Ezmeral Data Fabric.
- HPE Ezmeral Data Fabric on Kubernetes Administration
  You administer HPE Ezmeral Data Fabric on Kubernetes and Embedded Data Fabric as part of your HPE Ezmeral Runtime Enterprise environment. The external "bare metal" implementation of HPE Ezmeral Data Fabric is administered through its own tools and has its own documentation. (Not available in HPE Ezmeral Runtime Enterprise Essentials.)
  - About HPE Ezmeral Data Fabric on Kubernetes
  - Requirements for HPE Ezmeral Data Fabric on Kubernetes (for non-production environments only)
    Describes the requirements for HPE Ezmeral Data Fabric on Kubernetes, which is only supported for non-production environments. For all production requirements, recommendation is to use HPE Ezmeral Data Fabric on Bare Metal.
  - Data Fabric Cluster Administrator Username and Password
    This topic defines the HPE Ezmeral Data Fabric cluster administrator and provides information about the default username (mapr) and password for the Data Fabric cluster administrator in HPE Ezmeral Runtime Enterprise deployments.
  - Using Self-Signed Certificates with the Data Fabric Cluster
  - External KMIP Keystore Support
  - Creating a New Data Fabric Cluster
    Use this procedure when creating a cluster that implements HPE Ezmeral Data Fabric on Kubernetes.
  - Expanding a Data Fabric Cluster
    This procedure describes how to expand an HPE Ezmeral Data Fabric on Kubernetes cluster deployed on HPE Ezmeral Runtime Enterprise.
  - Shutting Down a Data Fabric Cluster
    This procedure performs an orderly shut down of Data Fabric clusters that implement HPE Ezmeral Data Fabric on Kubernetes. This procedure does not apply to bare-metal HPE Ezmeral Data Fabric clusters. This procedure does not shut down the entire HPE Ezmeral Runtime Enterprise.
  - Restarting the Data Fabric Cluster
    This procedure resumes the startup process for Data Fabric clusters that implement HPE Ezmeral Data Fabric on Kubernetes. This procedure does not apply to bare-metal HPE Ezmeral Data Fabric clusters. This procedure does not restart the entire HPE Ezmeral Runtime Enterprise.
  - Upgrading and Patching Data Fabric Clusters on Kubernetes
  - Managing HPE Ezmeral Data Fabric on Kubernetes
  - Using the CSI
  - Upgrading the CSI Plug-In
    Use this procedure to upgrade the CSI plug-in on Kubernetes clusters that are not HPE Ezmeral Data Fabric on Kubernetes clusters in deployments of HPE Ezmeral Runtime Enterprise 5.3.5 or later. Upgrading the CSI plug-in requires restarting or recreating the affected pods.
  - HPE Ezmeral Data Fabric Control System (MCS)
  - Disk Management in HPE Ezmeral Data Fabric on Kubernetes
    The topics in this section describe disk management tasks for disks that are part of storage pools on HPE Ezmeral Data Fabric on Kubernetes on HPE Ezmeral Runtime Enterprise.
  - HPE Ezmeral Data Fabric Database Administration
    Administration of the HPE Ezmeral Data Fabric Database on HPE Ezmeral Data Fabric on Kubernetes is done using the maprcli command line interface (not the MCS). HPE Ezmeral Data Fabric Database administration is associated with tables, columns and column families, and table regions.
  - Configuring Cross-Cluster Trust
  - Creating Multiple Gateways for Table and Stream Replication
    You can create multiple gateways for table and stream replication by increasing the number of maprgateway pods.
  - Debugging and Troubleshooting
  - Object Store (S3 Gateway) Overview
  - HPE Ezmeral Data Fabric Event Store
    HPE Ezmeral Data Fabric Event Store provides a reliable, global event streaming system that integrates publish and subscribe messaging to HPE Ezmeral Data Fabric on Kubernetes in HPE Ezmeral Runtime Enterprise.
  - Erasure coding
    In HPE Ezmeral Runtime Enterprise, HPE Ezmeral Data Fabric on Kubernetes supports storage tiers that use erasure coding for data. Erasure coding (EC) is a method of protecting data on lower-cost hardware that also reduces storage overhead in the range of 1.2x-1.5x. EC ensures that if data becomes corrupted, it can be reconstructed using information about the data that is present elsewhere.
  - Kafka REST Support
  - Policy-Based Security
    In HPE Ezmeral Runtime Enterprise, HPE Ezmeral Data Fabric on Kubernetes supports policy-based security (PBS), and the creation and management of security policies for Data Fabric objects through maprcli commands.
    - Policy Based Security versus Centralized Policy Management
      In HPE Ezmeral Runtime Enterprise, policy-based security and Centralized Policy Management have similar names but separate functions and scopes. The policy-based security feature applies to HPE Ezmeral Data Fabric objects. The Centralized Policy Management feature applies to Kubernetes cluster objects and can manage security policies from a central repository.
    - Setting Up Policy-Based Security
      In HPE Ezmeral Runtime Enterprise, policy-based security (PBS) for HPE Ezmeral Data Fabric on Kubernetes is enabled by default. Before you can begin creating security policies, you must use maprcli commands to perform some set up tasks.
    - Creating, managing, and monitoring security policies for Data Fabric objects
      Managing policy-based security on HPE Ezmeral Data Fabric on Kubernetes in HPE Ezmeral Runtime Enterprise is the same as managing policy-based security on bare-metal HPE Ezmeral Data Fabric clusters. Using maprcli or the Control Service (MCS), you can perform the same tasks that are described in the HPE Ezmeral Data Fabric documentation.
  - Manual and Advanced Tasks
    The topics in this section describe the manual tasks and information for advanced users of HPE Ezmeral Data Fabric on Kubernetes in HPE Ezmeral Runtime Enterprise.
- GPU and MIG Support
  This topic provides information about support for NVIDIA GPU and MIG devices on HPE Ezmeral Runtime Enterprise.
- Licensing
- Global Settings
- Planning the Deployment
  A high-level overview of the items to consider when planning an HPE Ezmeral Runtime Enterprise deployment.
- System Requirements
- Deploying the Platform
  The topics in this section describe deploying HPE Ezmeral Runtime Enterprise. Deployment is divided into phases.
- Upgrading to HPE Ezmeral Runtime Enterprise 5.6.x
  This article describes the process to upgrade to the latest 5.6.x version of HPE Ezmeral Runtime Enterprise.
- Upgrading from HPE Ezmeral Runtime Enterprise Essentials
  Upgrade from HPE Ezmeral Runtime Enterprise Essentials to the full-featured HPE Ezmeral Runtime Enterprise or to HPE Ezmeral ML Ops by uploading a license. No additional steps are required.
- Manually Restarting HPE Ezmeral Runtime Enterprise Services
  This topic describes restarting HPE Ezmeral Runtime Enterprise services in non-Kubernetes hosts.
- Uninstalling and Reinstalling HPE Ezmeral Runtime Enterprise
- Support and Troubleshooting
App Workbench 5.1

Policy-Based Security

In HPE Ezmeral Runtime Enterprise, HPE Ezmeral Data Fabric on Kubernetes supports policy-based security (PBS), and the creation and management of security policies for Data Fabric objects through maprcli commands.

In HPE Ezmeral Runtime Enterprise, HPE Ezmeral Data Fabric on Kubernetes supports policy-based security (PBS), and the creation and management of security policies for Data Fabric objects through maprcli commands. For some tasks, you can also use the Control System (MCS).

A security policy is a classification that encapsulates security controls on data. Security controls define which users are authorized to access and modify data objects, whether to audit data operations, and whether to protect data in motion with wire-level encryption.

For example, consider a scenario in which one of your data classifications is sensitive employee data. With policy-based security, you can create a security policy named employeeData. As part of the security policy, one of the security controls you might define includes access control expressions (ACEs) that specify which users are allowed to access the employee data. You can then apply the security policy to relevant employee data objects. When you need to grant new users access to the employee data, you only need to modify that one security policy instead of modifying the ACEs defined on each of the employee data objects.

Examples of HPE Ezmeral Data Fabric objects that can be assigned ("tagged" with) security policies include the following:

HPE Ezmeral Data Fabric file system volumes, directories and files
HPE Ezmeral Data Fabric Database JSON tables, column families, and fields

For more information about policy-based security (PBS) for HPE Ezmeral Data Fabric, see Policy-Based Security in the HPE Ezmeral Data Fabric documentation.