Security for Ecosystem Components

Whether you install data-fabric software by using the Installer or by using manual steps, the platform and its ecosystem components are installed with security ON by default.

Installer: Security with a Single Click

A single option in the Installer controls security for the platform and ecosystem components. The Enable MapR Secure Cluster option is checked by default for new installations.

Before starting a new installation, if you want to disable security for the platform and ecosystem components, you can deselect the Enable MapR Secure Cluster option. Later, after the cluster is installed, if you want to add or remove security, you can select or deselect the option during an Incremental Install operation. For more information, see Enable Data Fabric Secure Cluster.

NOTE Note that some exceptions to secure by default can require manual intervention. Also, before enabling security using the Incremental Install function, be sure to review the known issue (IN-1084) related to custom certificates. See Installer Known Issues.

Manual Installation: Security with configure.sh

When you install a data-fabric cluster by using the manual steps, you configure security on all nodes by using the configure.sh script with the -secure -genkeys options, as described in Enabling Security.

Manual installation also creates a cluster that is secure by default. For individual ecosystem components, additional security measures are supported, depending on the component. See the notes in the following table.

Security and Ecosystem Components

The data-fabric platform and the majority of ecosystem components are installed to be secure by default (with some exceptions). The following table lists the EEP 6.0.0 ecosystem components that are secure by default when installed using the Installer or manual installation steps.
Component Supports Secure by Default Notes
AsynchHBase N/A Security is not applicable. This component acts as a library.
Data Access Gateway 2.0 Yes For more information, see Understanding the HPE Ezmeral Data Fabric Data Access Gateway.
Drill Yes For more information about Drill security, see Securing Drill.
Flume No Flume is installed as a library but works like a service after the agents are started. To configure security for Flume, see Configuring Flume. Security Exceptions notes a security exception for Avro clients.
HBase Yes For more information, see HBase Configuration Properties.
HBase REST / Thrift Gateway Yes For more information, see HBase REST Gateway and HBase Thrift Gateway Secured By Default to Use SSL.
Hive Yes For more information, see Hive Security.
Httpfs Yes For more information, see Configuring HttpFS.
Hue Yes For more information, see Configure Hue with Security.
Impala No This component can be configured to run on a secure data-fabric cluster. Security must be configured manually. See Impala Security.
Kafka-Connect Yes For more information, see Worker Configuration.
Kafka-REST Yes For more information, see User Impersonation and SSL Security Configuration.
KSQL Yes For more information, see KSQL Security.
Kafka Streams No For more information, see Kafka Streams Security.
Livy Yes For more information, see Configure Livy.
MapR Installer Yes For more information, see Using the Enable MapR Secure Cluster Option and Using the Enable MapR DARE Option.
Data Fabric Object Store with S3-Compatible API Yes For more information, see S3 Gateway.
Oozie Yes For more information, see Configuring Oozie on a Secure Cluster.
Pig N/A Security is not applicable. This component acts as a library.
Schema Registry Yes For more information, see Security Parameters.
Sentry No This component can be configured to run on a secure data-fabric cluster. Security must be configured manually.
Spark Yes For more information, see Spark configure.sh.
Sqoop 1 N/A Security is not applicable. This component acts as a library.
Timeline Server Yes For more information, see Configuring the Timeline Server to Use the Hive-on-Tez User Interface.
Data Fabric Monitoring Components
collectd Yes Communicates over data-fabric streams. See Spyglass on Streams.
ElasticSearch Yes For additional steps that you can take to enhance security, see Security Exceptions.
FluentD Yes For additional steps that you can take to enhance security, see Security Exceptions.
Grafana Yes For additional steps that you can take to enhance security, see Security Exceptions.
Kibana Yes For additional steps that you can take to enhance security, see Security Exceptions.
OpenTSDB Yes Communicates over data-fabric streams. See Spyglass on Streams.