Security for Ecosystem Components

Whether you install MapR software by using the MapR Installer or by using manual steps, the platform and its ecosystem components are installed with security ON by default.

MapR Installer: Security with a Single Click

A single option in the MapR Installer controls security for the platform and ecosystem components. The Enable MapR Secure Cluster option is checked by default for new installations.

Before starting a new installation, if you want to disable security for the platform and ecosystem components, you can deselect the Enable MapR Secure Cluster option. Later, after the cluster is installed, if you want to add or remove security, you can select or deselect the option during an Incremental Install operation. For more information, see Enable MapR Secure Cluster.

Note: Note that some exceptions to secure by default can require manual intervention. Also, before enabling security using the Incremental Install function, be sure to review the known issue (IN-1084) related to custom certificates. See MapR Installer Known Issues.

Manual Installation: Security with configure.sh

When you install a MapR cluster by using the manual steps, you configure security on all nodes by using the configure.sh script with the -secure -genkeys options, as described in Enabling Security.

Manual installation also creates a cluster that is secure by default. For individual ecosystem components, additional security measures are supported, depending on the component. See the notes in the following table.

Security and Ecosystem Components

The MapR platform and the majority of ecosystem components are installed to be secure by default (with some exceptions). The following table lists the MEP 6.0.0 ecosystem components that are secure by default when installed using the MapR Installer or manual installation steps.
Component Supports Secure by Default Notes
AsynchHBase N/A Security is not applicable. This component acts as a library.
Data Access Gateway 2.0 Yes For more information, see Understanding the MapR Data Access Gateway.
Drill Yes For more information about Drill security, see Securing Drill.
Flume No Flume is installed as a library but works like a service after the agents are started. To configure security for Flume, see Configuring Flume. Security Exceptions notes a security exception for Avro clients.
HBase Yes For more information, see HBase Configuration Properties.
HBase REST / Thrift Gateway Yes For more information, see HBase REST Gateway and HBase Thrift Gateway Secured By Default to Use SSL.
Hive Yes For more information, see Hive Security.
Httpfs Yes For more information, see Configuring HttpFS.
Hue Yes For more information, see Configure Hue with Security.
Impala No This component can be configured to run on a secure MapR cluster. Security must be configured manually. See Impala Security.
Kafka-Connect Yes For more information, see Worker Configuration.
Kafka-REST Yes For more information, see User Impersonation and SSL Security Configuration.
KSQL No For more information, see KSQL Security.
Kafka Streams No For more information, see Kafka Streams Security.
Livy Yes For more information, see Configure Livy.
MapR Installer Yes For more information, see Using the Enable MapR Secure Cluster Option and Using the Enable MapR DARE Option.
MapR Object Store with S3-Compatible API Yes For more information, see MapR Object Store with S3-Compatible API.
Myriad N/A This component can be configured to run on a secure MapR cluster.
Oozie Yes For more information, see Configuring Oozie on a Secure Cluster.
Pig N/A Security is not applicable. This component acts as a library.
Sentry No This component can be configured to run on a secure MapR cluster. Security must be configured manually.
Spark Yes For more information, see Spark configure.sh.
Sqoop 1 N/A Security is not applicable. This component acts as a library.
Sqoop2 Yes For more information, see Configuring Sqoop2.
Timeline Server Yes For more information, see Configuring the Timeline Server to Use the Hive-on-Tez User Interface.
MapR Monitoring Components
collectd Yes Communicates over MapR streams. See Spyglass on Streams.
ElasticSearch Yes For additional steps that you can take to enhance security, see Security Exceptions.
FluentD Yes For additional steps that you can take to enhance security, see Security Exceptions.
Grafana Yes For additional steps that you can take to enhance security, see Security Exceptions.
Kibana Yes For additional steps that you can take to enhance security, see Security Exceptions.
OpenTSDB Yes Communicates over MapR streams. See Spyglass on Streams.