Cloudera Runtime Security and Governance

Cloudera Runtime security and governance is managed by Apache Ranger, Apache Knox, and Apache Atlas.

Apache Ranger

Apache Ranger manages access control through a user interface that ensures consistent policy administration in CDP clusters.

Security administrators can define security policies at the database, table, column, and file levels, and can administer permissions for groups or individual users. Rules based on dynamic conditions such as time or geolocation can also be added to an existing policy rule. Ranger security zones enable you to organize service resources into multiple security zones.

Ranger also provides a centralized framework for collecting access audit history and reporting data, including filtering on various parameters.

Apache Knox

The Apache Knox Gateway (“Knox”) is a system that extends the reach of Apache™ Hadoop® services to users outside of a Hadoop cluster without reducing Hadoop security. Knox also simplifies Hadoop security for users who access the cluster data and run jobs. The Knox Gateway is designed as a reverse proxy.

Establishing user identity with strong authentication is the basis for secure access in Hadoop. Users need to reliably identify themselves and then have that identity propagated throughout the Hadoop cluster to access cluster resources.

Apache Atlas

Apache Atlas provides a set of metadata management and governance services that enable you to manage CDP cluster assets.

  • Search and Proscriptive Lineage – facilitates pre-defined and ad hoc exploration of data and metadata, while maintaining a history of data sources and how specific data was generated.
  • Ranger plugin for metadata-driven data access control.
  • Flexible modeling of both business and operational data.
  • Data Classification – helps you understand the nature of the data within Hadoop and classify it based on external and internal sources.

Apache Solr

Apache Solr is used as infrastructure by Ranger and Atlas to store and serve audit and governance information. The documentation refers to the Solr service that Ranger and Atlas depend on as Infra Solr. It is recommended that you keep other workloads off Infra Solr and run them in a different Solr service. You can find documentation on other supported workloads integrated with Solr under Cloudera Search.