Apache Ranger

1
What Is Apache Ranger ?

• For data security across the Hadoop platform
• A framework to enable, monitor and manage
  security
• Supports security in
• A multi tenant data lake
• Hadoop eco system
• Open source / Apache 2.0 license
• Administration of security policies
• Monitoring of user access
• Offers central UI and REST API's

2
What Is Apache Ranger ?

• Manage policies for resource access
• File, folder, database, table, column
• Policies for users and groups
• Has audit tracking
• Enables policy analytics
• Offers decentralizing data ownership

3
Ranger Projects

• Which projects does Ranger support ?
• Apache Hadoop
• Apache Hive
• Apache HBase
• Apache Storm
• Apache Knox
• Apache Solr
• Apache Kafka
• YARN
• ATLAS
• No additional OS level process to manage

4
Ranger Enforcement

• Ranger enforces policy with Java plugins
• Which run as part of the same process i.e.
• Namenode (HDFS)
• Hive2Server(Hive)
• HBase server (Hbase)
• Nimbus server (Storm)
• Knox server (Knox)

5
Ranger User Interface
6
Ranger User Interface

• Ranger has a central user interface
• This interface has tabs for
• Access
• Admin
• Log Sessions
• Plugins
• Plugin Status
• User Sync

7
Ranger UI Access Tab

• Provides service activity details
• For policies that have Audit enabled - see
• Policy id, time, user, service, resource, access,
  result,
• ACL, ip, cluster
• Search on
• User, cluster, time, service, result, ip, access,
  acl
• Filter audit data as required to monitor activity

8
Ranger UI Admin Tab

• Provides service administration details
• Shows administration details like
• Operation, audit type, user, date, action,
  session id
• Search on
• Audit type, user, start date, end date, action,
  session id
• Filter administration data to monitor
• Actions like create, update, delete, password
  change

9
Ranger UI Login Sessions Tab

• Provides service login details
• Shows login details like
• Session id, login id, result, login type, ip,
  user agent, time
• Search on
• Login id, session id, start date, end date, login
  type, ip,
• User agent, result
• Filter login data to monitor sessions
• Login type is
• The mode through which the user tries to login

10
Ranger UI Plugin Tab

• Provides plugin security agent details
• Shows plugin details like
• Date, service name, plugin id, ip, http response
  code,
• Status
• Search on
• Plugin ip, plugin id, http response code, start
  / end date
• Service name, cluster name
• The service name is the Hadoop component i.e.
• HDFS, Hive, HBase

11
Ranger UI Plugin Status Tab

• Provides plugin security agent status details
• Shows plugin status details like
• Service name, service type, hostname, plugin ip,
  active date
• Download date, update date, tags
• Search on
• Hostname, plugin ip, service name, service type
• The service name is the Hadoop component i.e.
• HDFS, Hive, HBase

12
Ranger UI User Sync Tab

• Provides user synchronisation activity details
• Provides a compliance audit trail
• Data from File, LDAP/AD or OS
• Filter on
• User name, start / end date, sync source

13
Ranger Install OS / RDBMS

• The install guide shows OS support for
• RHEL / CentOS
• Ubuntu
• SUSE
• Debian
• Ranger supports the following RDBMS
• MySQL
• Oracle
• PostgreSQL
• MS SQL
• For storing policy, user, group, audit log
  information

14
Ranger Pre Requisites

• What does Ranger need prior to install ?
• JDK
• LDAP/AD for user / AD group synchronisation
• RDBMS see previous page
• Kerberos
• Ranger install creates the components
• Admin, UserSync, Key Management Service
• Plugins for Ranger services can then be enabled
  from UI

15
Ranger - Knox / Kerberos / MySQL / HDFS
16
Available Books

• See Big Data Made Easy
• Apress Jan 2015
• See Mastering Apache Spark
• Packt Oct 2015
• See Complete Guide to Open Source Big Data
  Stack
• Apress Jan 2018
• Find the author on Amazon
• www.amazon.com/Michael-Frampton/e/B00NIQDOOM/
• Connect on LinkedIn
• www.linkedin.com/in/mike-frampton-38563020

17
Connect

• Feel free to connect on LinkedIn
• www.linkedin.com/in/mike-frampton-38563020
• See my open source blog at
• open-source-systems.blogspot.com/
• I am always interested in
• New technology
• Opportunities
• Technology based issues
• Big data integration