MapR 5.2 is at End of Life (EOL) and no longer supported. Please see the latest documentation. This documentation is not being updated.

Home
5.2 Cluster Administration
This section contains information on administering the cluster and MapR-DB, configuring Gateways, and configuring and managing particular aspects of the MapR security infrastructure.
Configuring Security
Describes tasks for configuring MapR security, managing secure clusters, and administering auditing.
Configuring Mapr Security
Provides usage information for frequently used security functionality including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.

MapR 5.2 Documentation

5.2 Cluster Administration
This section contains information on administering the cluster and MapR-DB, configuring Gateways, and configuring and managing particular aspects of the MapR security infrastructure.
- Administering the Cluster
  This section describes how to manage the nodes and services that make up a cluster.
- Monitoring the Cluster
  This section describes how to monitor the health and performance of a MapR cluster.
- Configuring and Managing MapR Gateways
  A MapR gateway mediates one-way communication between a source MapR cluster and a destination cluster. MapR-DB tables and MapR Streams streams can be replicated.
- Administering MapR-DB
  Administration of the MapR-DB is done primarily via the commmand line (maprcli) or with the MapR Control System (MCS). Regardless of whether the MapR-DB table is used for binary files or JSON documents, the same types of commands are used with slightly different parameter options. MapR-DB administration is associated with tables, columns and column families, and table regions.
- Configuring Security
  Describes tasks for configuring MapR security, managing secure clusters, and administering auditing.
  - Configuring Mapr Security
    Provides usage information for frequently used security functionality including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.
    - Getting Started with MapR Security
      Describes two core scenarios that allow quick implementation of security features.
    - Managing Encryption for MapR Core
      Provides information that allows you to use encryption across the MapR platform.
    - Authenticating Users
      Provides information about MapR ticket, Kerberos, Pluggable Authentication Module (PAM) authentication.
    - Managing Access Controls
      Describes how to create, enable, and use ACLs and ACEs.
    - Managing Impersonation
      Provides instructions for enabling and using MapR impersonation features.
  - Managing Secure Clusters
    Provides procedures that will enable you to run use MapR clusters securely.
  - Managing Auditing
    Provides instructions for using MapR auditing features.
- Administrator's Reference
  This section contains in-depth reference information for the administrator.
- Glossary
  This section contains defintions for commonly used terms in MapR Converged Data Platform environments.

Configuring Mapr Security

Provides usage information for frequently used security functionality including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.

Security features for the MapR Converged Data Platform are disabled by default. You can enable security features at any time, but additional configuration is required for the individual components to work with security enabled, particularly elements that use Kerberos for user authentication. This section discusses initial configuration of a secure cluster as well as other forms of security.

The following access control elements are active whether or not your cluster's security features are enabled, however, once security features are enabled, these elements benefit from encrypted traffic within the cluster and strong authentication to the cluster.

ACLs for the cluster, the volumes in the cluster, and the MapReduce job queue
ACEs control user permissions for directories, files, and MapR-DB tables that are stored natively
File permissions for objects in the MapR-FS layer
Subnet whitelisting restricts access to the cluster's FileServer service

On clusters with security features enabled, Ecosystem components may require additional configuration. For example, Hive functionality has different security requirements depending on the interaction between the HiveServer2 component, the Hive command-line interface, and the Hive metastore.

See the Security Matrix for more information about supported security options for Ecosystem components. See the specific Ecosystem component in the Ecosystem Components for information on security configuration.

See Security Vulnerabilities for a list of known vulnerabilities.