Built-in Security in MapR

Introduces a new security setting for MapR platform and ecosystem security.

Security with a Single Click

You can secure new MapR installations with a single click. Wired encryption and authentication (including impersonation) for the MapR platform and all supported ecosystem products are enabled for new installations through the MapR Installer.
  • The Enable MapR Secure Cluster option is checked by default for new installations.
  • To disable security, deselect Enable MapR Secure Cluster before starting the installation using the MapR Installer. If you need to add security later, you can do so by selecting the option during an Incremental Install operation.
  • Note that some exceptions to built-in security may require manual intervention.
Note: Before enabling security using the Incremental Install function, be sure to review the known issue (IN-1084) related to custom certificates. See MapR Installer Known Issues.


Security and Ecosystem Components

Not all ecosystem components can be secured by the MapR Installer. The following table lists the MEP 4.0.0 ecosystem components that support security when installed using the MapR Installer or MapR Installer Stanzas:
Component Supports Security Notes
AsynchHBase N/A Security is not applicable. This component acts as a library.
Drill Yes For more information about Drill security, see Securing Drill.
Flume N/A Flume is installed as a library but works like a service after the agents are started. For more information, see Configure a Secure MapR-FS Sink.
HBase REST / Thrift Gateway No Built-in security is not available.
Hive Yes For more information, see Hive Security.
Httpfs Yes For more information, see Configuring HttpFS.
Hue Yes For more information, see Configure Hue with Security.
Impala No This component can be configured to run on a secure MapR cluster. Security must be configured manually.
Kafka-Connect No Built-in security is not available.
Kafka-REST Yes For more information, see User Impersonation and SSL Security Configuration.
Livy No For more information, see Configure Livy.
MapR Installer 1.7 Yes For more information, see Using the Enable MapR Secure Cluster Option.
Myriad N/A This component can be configured to run on a secure MapR cluster.
Oozie Yes For more information, see Configuring Oozie on a Secure Cluster.
Pig N/A Security is not applicable. This component acts as a library.
Sentry No This component can be configured to run on a secure MapR cluster. Security must be configured manually.
Spark Yes For more information, see Spark configure.sh.
Sqoop 1 N/A Security is not applicable. This component acts as a library.
Sqoop2 Yes For more information, see Configuring Sqoop2.
Timeline Server Yes For more information, see Configuring the Timeline Server to Use the Hive-on-Tez User Interface.
MapR Monitoring Components    
collectd Yes Communicates over MapR streams. See Spyglass on Streams.
ElasticSearch Yes For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR.
FluentD Yes For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR.
Grafana Yes For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR.
Kibana Yes For additional steps that you can take to enhance security, see Exceptions to Built-in Security in MapR.
OpenTSDB Yes Communicates over MapR streams. See Spyglass on Streams.