Apache Ranger

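Apache Ranger delivers comprehensive security for Hadoop clusters. Apache Phoenix provides a centralized platform to define, administer, and manage security policies consistently across Hadoop components.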

What Ranger Can Do

Apache Ranger provides a centralized security framework to manage fine-grained access control:

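Using the Apache Ranger console, security administrators can easily manage access policies for files, folders, databases, tables, or columns. These policies can be set for individual users or groups and are then enforced consistently across the HDP stack.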

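The Ranger Key Management Service (Ranger KMS) provides a scalable encryption key management service for HDFS "data at rest" encryption. Ranger KMS is built on the Hadoop KMS originally developed by the Apache community, and extends the native Hadoop KMS functionality by allowing system administrators to store keys in a secure database.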

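Ranger also gives security administrators deep visibility into their Hadoop environment through a centralized audit location, which tracks all access requests in real time and supports multiple destination sources, including HDFS and Solr.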

What Ranger Can Do

Apache Ranger has a decentralized architecture with the following internal components:

| Component | Description |
|---|---|
| Ranger admin portal | The Ranger Admin portal is the central interface for security administration. Users can create and update policies, which are then stored in a policy database. Plugins within each component poll these policies at regular intervals. The portal also includes an audit server that sends audit data collected from the plugins for storage in HDFS or in a relational database. |
| Ranger plugins | Plugins are lightweight Java programs that are embedded within the processes of each cluster component. For example, the Apache Ranger plugin for Apache Hive is embedded within HiveServer2. These plugins pull policies from a central server and store them locally in a file. When a user request comes through the component, the plugin intercepts the request and evaluates it against the security policy. Plugins also collect data from the user request and use a separate thread to send this data back to the audit server. |
| User group sync | Apache Ranger provides a user synchronization utility to pull users and groups from Unix, LDAP, or Active Directory. The user and group information is stored within the Ranger portal and used for policy definition. |

Ranger can be deployed manually or with Ambari (supported starting with Ambari 2.0).
