Security for Ecosystem Components
Whether you install MapR software by using the MapR Installer or by using manual steps, the platform and its ecosystem components are installed with security ON by default.
MapR Installer: Security with a Single Click
A single option in the MapR Installer controls security for the platform and ecosystem components. The Enable MapR Secure Cluster option is checked by default for new installations.
Before starting a new installation, if you want to disable security for the platform and ecosystem components, you can deselect the Enable MapR Secure Cluster option. Later, after the cluster is installed, if you want to add or remove security, you can select or deselect the option during an Incremental Install operation. For more information, see Enable MapR Secure Cluster.
Manual Installation: Security with configure.sh
When you install a MapR
cluster by using the manual
steps, you configure security on all nodes by using the
configure.sh script with the -secure -genkeys
options, as described
in Enabling Security.
Manual installation also creates a cluster that is secure by default. For individual ecosystem components, additional security measures are supported, depending on the component. See the notes in the following table.
Security and Ecosystem Components
| Component | Supports Secure by Default | Notes |
|---|---|---|
| AsynchHBase | N/A | Security is not applicable. This component acts as a library. |
| Data Access Gateway 2.0 | Yes | For more information, see Understanding the MapR Data Access Gateway. |
| Drill | Yes | For more information about Drill security, see Securing Drill. |
| Flume | No | Flume is installed as a library but works like a service after the agents are started. To configure security for Flume, see Configuring Flume. Security Exceptions notes a security exception for Avro clients. |
| HBase | Yes | For more information, see HBase Configuration Properties. |
| HBase REST / Thrift Gateway | Yes | For more information, see HBase REST Gateway and HBase Thrift Gateway Secured By Default to Use SSL. |
| Hive | Yes | For more information, see Hive Security. |
| Httpfs | Yes | For more information, see Configuring HttpFS. |
| Hue | Yes | For more information, see Configure Hue with Security. |
| Impala | No | This component can be configured to run on a secure MapRdata-fabric cluster. Security must be configured manually. See Impala Security. |
| Kafka-Connect | Yes | For more information, see Worker Configuration. |
| Kafka-REST | Yes | For more information, see User Impersonation and SSL Security Configuration. |
| KSQL | No | For more information, see KSQL Security. |
| Kafka Streams | No | For more information, see Kafka Streams Security. |
| Livy | Yes | For more information, see Configure Livy. |
| MapR Installer | Yes | For more information, see Using the Enable MapR Secure Cluster Option and Using the Enable MapR DARE Option. |
| MapR Object Store with S3-Compatible API | Yes | For more information, see S3 Gateway. |
| Myriad | N/A | This component can be configured to run on a secure MapR cluster. |
| Oozie | Yes | For more information, see Configuring Oozie on a Secure Cluster. |
| Pig | N/A | Security is not applicable. This component acts as a library. |
| Sentry | No | This component can be configured to run on a secure MapR cluster. Security must be configured manually. |
| Spark | Yes | For more information, see Spark configure.sh. |
| Sqoop 1 | N/A | Security is not applicable. This component acts as a library. |
| Sqoop2 | Yes | For more information, see Configuring Sqoop2. |
| Timeline Server | Yes | For more information, see Configuring the Timeline Server to Use the Hive-on-Tez User Interface. |
| MapR Monitoring Components | ||
| collectd | Yes | Communicates over MapR streams. See Spyglass on Streams. |
| ElasticSearch | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| FluentD | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| Grafana | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| Kibana | Yes | For additional steps that you can take to enhance security, see Security Exceptions. |
| OpenTSDB | Yes | Communicates over MapR streams. See Spyglass on Streams. |