ADPS

Arenadata Platform Security (ADPS) is a service for centralized management of group security policies in an Apache Hadoop cluster. ADPS is based on Apache Ranger, a framework for monitoring and managing comprehensive data security on the Hadoop platform. ADPS provides a comprehensive approach to security in the following key areas:

  • authentication;

  • authorization (access control);

  • security auditing and monitoring;

  • data protection.

Authentication

ADPS provides a single authentication point for services and users. The authentication point integrates with existing enterprise identity and access systems. ADPS supports the following authentication services:

  • MIT Kerberos;

  • AD/LDAP;

  • local Unix system.

Authorization (Access control)

ADPS provides features that allow system administrators to control access to Hadoop data via role-based authorization. ADPS supports the following authorization models:

  • fine-grained access control for the data stored in HDFS;

  • resource-level access control for YARN;

  • service-level access control for MapReduce operations;

  • table/column family-level access control for HBase data, and extended ACLs for cell-level control with Accumulo;

  • table-level access control for Apache Hive datasets.

Security auditing and monitoring

ADPS lets you track Hadoop activity using Native Auditing (audit logs). You can also use the perimeter security audit logs from the Knox Gateway and the ADPS Security Administration console as a central location for audit data, including:

  • access requests;

  • data processing operations;

  • data changes.

Data protection

ADPS provides mechanisms for real-time data encryption. ADPS does not require partner solutions for encrypting data at rest, data discovery, and data masking. ADPS supports the following wire encryption methods:

  • SSL for ADPS components. This mode is not suitable for all environments and stack services; in particular, internal services may have problems interacting with each other when this protocol is used.

  • RPC encryption.

  • Data Transfer Protocol encryption.
