Cluster security requirements for DLM-enabled clusters
You must configure a minimum set of security actions on each HDP cluster as part of configuring security for DLM-enabled clusters. You can perform any additional security-related tasks as appropriate for your environment and company policies. You must also have completed the security configuration requirements for clusters used with DPS.
If you will be performing Hive replication with the Data Lifecycle Manager (DLM) service, the following tasks must be completed during cluster installation, prior to configuring Hive.
| Task | Comments | Instructions |
|---|---|---|
| Configure LDAP for Ambari | Configuring Ranger Authentication with UNIX, LDAP, or AD | |
| Configure clusters to point Knox to LDAP | Configuring Ranger Authentication with UNIX, LDAP, or AD | |
| Configure LDAP with Ranger | Configuring Ranger Authentication with UNIX, LDAP, or AD | |
| Configure user synchronization for policy administration | Configure Ranger User Sync | |
| Configure Ranger plugins for Knox | Enabling Ranger Plugins: HDFS, YARN, Hive, Knox | |
| Configure Ranger plugins for Kerberos | Ranger Plugins--Kerberos: HDFS, Hive, Knox | |
| Configure Knox SSO for Ambari | HDP Security Guide, Setting up Knox SSO for Ambari | |
| Configure Knox SSO for Ranger | Setting up Knox SSO for Ranger | |
| Configure Knox SSO for DLM Engine | Perform this task only after installing DLM Engine | See the DLM installation instructions |
| Configure Knox Gateway for proxying | Only required if using Knox proxying; proxying required for wire encryption | Perimeter Security with Apache Knox |