Cluster security requirements for DLM-enabled clusters
You must configure a minimum set of security actions on each HDP cluster as part of configuring security for DLM-enabled clusters. You can perform any additional security-related tasks as appropriate for your environment and company policies. You must also have completed the security configuration requirements for clusters used with DPS.
If you are performing Hive replication with the Data Lifecycle Manager (DLM) service, ensure that the following tasks were completed during cluster installation. You must configure Ambari Ranger on clusters used in replicating Hive databases.
| Task | Comments | Instructions |
|---|---|---|
| Configure LDAP with Ranger | Only required if using Ranger with DLM | Configuring Ranger Authentication with UNIX, LDAP, or AD |
| Configure user synchronization for policy administration | Only required if using Ranger with DLM | Configure Ranger User Sync |
| Configure Ranger plugins for Knox | Only required if using Ranger with DLM | Enabling Ranger Plugins: HDFS, YARN, Hive, Knox |
| Configure Ranger plugins for Kerberos | Only required if using Ranger with DLM | Ranger Plugins--Kerberos: HDFS, Hive, Knox |
| Configure Knox SSO for Ranger | Only required if using Ranger with DLM | Setting up Knox SSO for Ranger |
| Configure Knox Gateway for proxying | Only required if using Knox proxying; proxying required for wire encryption | Perimeter Security with Apache Knox |