Built-in Security in MapR
Introduces a new security setting for MapR platform and ecosystem security.
Security with a Single Click
You can secure new MapR installations with a single click. Wired encryption and
authentication (including impersonation) for the MapR platform and all supported ecosystem
products are enabled for new installations through the MapR Installer.
- The Enable MapR Secure Cluster option is checked by default for new installations.
- To disable security, deselect Enable MapR Secure Cluster before starting the installation using the MapR Installer. If you need to add security later, you can do so by selecting the option during an Incremental Install operation.
- Note that some exceptions to built-in security may require manual intervention.
NOTE: Before enabling security using the Incremental Install function, be sure to
review the known issue (IN-1084) related to custom certificates. See MapR Installer Known Issues.
Security and Ecosystem Components
Not all ecosystem components can be secured by the MapR Installer. The following table
lists the MEP 4.0.0 ecosystem components that support security when installed using the MapR
Installer or MapR Installer Stanzas:
| Component | Supports Security | Notes |
|---|---|---|
| AsynchHBase | N/A | Security is not applicable. This component acts as a library. |
| Drill | Yes | For more information about Drill security, see Securing Drill. |
| Flume | N/A | Flume is installed as a library but works like a service after the agents are started. For more information, see Configure a Secure MapR-FS Sink. |
| HBase REST / Thrift Gateway | No | Built-in security is not available. |
| Hive | Yes | For more information, see Hive Security. |
| Httpfs | Yes | For more information, see Configuring HttpFS. |
| Hue | Yes | For more information, see Configure Hue with Security. |
| Impala | No | This component can be configured to run on a secure MapR cluster. Security must be configured manually. |
| Kafka-Connect | No | Built-in security is not available. |
| Kafka-REST | Yes | For more information, see User Impersonation and SSL Security Configuration. |
| Livy | No | For more information, see Configure Livy. |
| MapR Installer 1.7 | Yes | For more information, see Using the Enable MapR Secure Cluster Option. |
| Myriad | N/A | This component can be configured to run on a secure MapR cluster. |
| Oozie | Yes | For more information, see Configuring Oozie on a Secure Cluster. |
| Pig | N/A | Security is not applicable. This component acts as a library. |
| Sentry | No | This component can be configured to run on a secure MapR cluster. Security must be configured manually. |
| Spark | Yes | For more information, see Spark configure.sh. |
| Sqoop 1 | N/A | Security is not applicable. This component acts as a library. |
| Sqoop2 | Yes | For more information, see Configuring Sqoop2. |
| Timeline Server | Yes | For more information, see Configuring the Timeline Server to Use the Hive-on-Tez User Interface. |
| MapR Monitoring Components | ||
| collectd | Yes | Communicates over MapR streams. See Spyglass on Streams. |
| ElasticSearch | Yes | For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR. |
| FluentD | Yes | For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR. |
| Grafana | Yes | For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR. |
| Kibana | Yes | For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR. |
| OpenTSDB | Yes | Communicates over MapR streams. See Spyglass on Streams. |