With Apache Hadoop YARN as its architectural center, Apache Hadoop continues to attract new engines to run within the data platform, as organizations want to efficiently store their data in a single repository and interact with it in different ways. As YARN propels Hadoop’s emergence as a business-critical data platform, the enterprise requires more stringent data security capabilities. Apache Ranger provides many of these, with central security policy administration across authorization, accounting and data protection.
On November 17, the community announced the release of Apache Ranger 0.4.0. With this release, the team closed 163 JIRA tickets. Ranger 0.4.0 delivers many new features, fixes and enhancements, chief among those are:
This blog gives a brief overview of features in Apache Ranger 0.40 and also looks ahead to future plans.
In May of this year, Hortonworks acquired XA Secure to accelerate the delivery of a holistic, centralized and completely open-source approach to Hadoop security. Hortonworks took the proprietary XA Secure technology and contributed it to the Apache Software Foundation. This approach to investing in the tech highlights Hortonworks’ consistent and unwavering commitment to 100% open enterprise Hadoop. XA Secure was one of the first solutions to provide centralized security administration for Hadoop. The Apache Ranger community began with the code contributed by Hortonworks and added other features as part of this release.
The first release of Apache Ranger is an important milestone in the evolution of Hadoop into a mature enterprise-ready platform. Enterprise users can now securely store all types of data and run multiple workloads with different users, leveraging Ranger’s centralized security administration with fine-grain authorization and on-demand audit data. The community can now innovate to further deliver advanced security capabilities, in a way only possible with an open source platform.
Apache Ranger now supports administration of access policies for Apache Knox and Apache Storm, extending the Ranger policy administration portal beyond previous support for HDFS, Apache HBase and Apache Hive. Now users can also view audit information for both Storm and Knox in the Ranger portal.
Enterprise security administrators can now use REST APIs to create, update and delete security policies. This allows enterprise users and partners to integrate Hadoop security into their existing entitlement stores and update policies using their own tools. REST APIs open the door for extended adoption of Ranger within the ecosystem.
Lower latency and faster transaction speeds within Hadoop means an increase in the volume of audit events. To meet this growing need, Apache Ranger now offers the flexibility to store audit logs in HDFS. This leverages Hadoop’s reliable and scalable infrastructure to store and process the underlying audit events. Ranger stores the audit logs in a secure location, only accessible to privileged users.
The release would not have been possible without excellent contributions from the dedicated, talented community members. The community plans continued execution on the vision of providing comprehensive security within the Hadoop ecosystem, with the plan to extend support to Apache Solr, Kafka, and Spark. We also intend to streamline other areas of security, including authentication and encryption. In the coming weeks, we plan to publish a detailed roadmap on the Ranger wiki or through Apache JIRAs.