Security for Ecosystem Components

Whether you install MapR software by using the MapR Installer or by using manual steps, the platform and its ecosystem components are installed with security ON by default.

MapR Installer: Security with a Single Click

A single option in the MapR Installer controls security for the platform and ecosystem components. The Enable MapR Secure Cluster option is checked by default for new installations.

To disable security, you can deselect Enable MapR Secure Cluster before starting the installation using the MapR Installer. If you need to add security later, you can do so by selecting the option during an Incremental Install operation.

Note: Note that some exceptions to secure by default can require manual intervention. Also, before enabling security using the Incremental Install function, be sure to review the known issue (IN-1084) related to custom certificates. See MapR Installer Known Issues.

Manual Installation: Security with configure.sh

When you install a MapR cluster using the manual steps, you configure security on all nodes by using the configure.sh script with the -secure -genkeys options, as described in Enabling Security.

Manual installation also creates a cluster that is secure by default. For individual ecosystem components, additional security measures are supported, depending on the component. See the notes in the following table.

Security and Ecosystem Components

The MapR platform and the majority of ecosystem components are installed to be secure by default (with some exceptions). The following table lists the MEP 6.0.0 ecosystem components that are secure by default when installed using the MapR Installer or manual installation steps.
Component Supports Secure by Default Notes
AsynchHBase N/A Security is not applicable. This component acts as a library.
Data Access Gateway 2.0 Yes For more information, see Understanding the MapR Data Access Gateway.
Drill Yes For more information about Drill security, see Securing Drill.
Flume No Flume is installed as a library but works like a service after the agents are started. To configure security for Flume, see Configuring Flume. Security Exceptions notes a security exception for Avro clients.
HBase REST / Thrift Gateway Yes For more information, see HBase REST Gateway and HBase Thrift Gateway Secured By Default to use SSL.
Hive Yes For more information, see Hive Security.
Httpfs Yes For more information, see Configuring HttpFS.
Hue Yes For more information, see Configure Hue with Security.
Impala No This component can be configured to run on a secure MapR cluster. Security must be configured manually. See Impala Security.
Kafka-Connect Yes For more information, see Worker Configuration.
Kafka-REST Yes For more information, see User Impersonation and SSL Security Configuration.
KSQL No For more information, see KSQL Security.
Kafka Streams No For more information, see Kafka Streams Security.
Livy Yes For more information, see Configure Livy.
MapR Installer Yes For more information, see Using the Enable MapR Secure Cluster Option and Using the Enable MapR DARE Option.
Myriad N/A This component can be configured to run on a secure MapR cluster.
Oozie Yes For more information, see Configuring Oozie on a Secure Cluster.
Pig N/A Security is not applicable. This component acts as a library.
S3server Yes For more information, See Understanding the MapR Object Store Authorization Model.
Sentry No This component can be configured to run on a secure MapR cluster. Security must be configured manually.
Spark Yes For more information, see Spark configure.sh.
Sqoop 1 N/A Security is not applicable. This component acts as a library.
Sqoop2 Yes For more information, see Configuring Sqoop2.
Timeline Server Yes For more information, see Configuring the Timeline Server to Use the Hive-on-Tez User Interface.
MapR Monitoring Components    
collectd Yes Communicates over MapR streams. See Spyglass on Streams.
ElasticSearch Yes For additional steps that you can take to enhance security, see Security Exceptions.
FluentD Yes For additional steps that you can take to enhance security, see Security Exceptions.
Grafana Yes For additional steps that you can take to enhance security, see Security Exceptions.
Kibana Yes For additional steps that you can take to enhance security, see Security Exceptions.
OpenTSDB Yes Communicates over MapR streams. See Spyglass on Streams.