About two years ago, Hortonworks donated the entire code base of about 440,000 lines from its XA Secure acquisition to the Apache Software Foundation (ASF) in order to help jump start Apache Ranger as an Apache Incubator project. Hortonworks made this decision because our enterprise customers need an extensible and robust open source security framework that provides comprehensive authorization, audit, and encryption/ key management capabilities for their Hadoop big data infrastructures. Our customers understand products based on open source projects innovate faster, provide better roadmap clarity and release transparency, and reduce the risk of vendor lock-in. Since those early days, our active contributor community has grown steadily since 2014 when we entered incubation to 22 as of today, with contributors who are affiliated with several large companies. The Apache Ranger community has been laser focused on building and improving a sophisticated but easy to use centralized security console. Apache Ranger enhances administrators’ productivity by enabling them to define, apply, and administer consistent policies across the Hadoop stack by providing a set of rich policy constructs along with comprehensive auditing of all access events from a compliance perspective.
It’s been a rewarding journey, from the first version of Apache Ranger released in November 2014 to now achieving this major open source project milestone. We are excited to report that ASF graduated Apache Ranger to a Top-Level Project (TLP) “signifying that the project’s community and products have been well-governed under the ASF’s meritocratic process and principles.” We extend our hearty congratulations to the Apache Ranger community, without whom TLP status couldn’t have been achieved. This was a great community effort, representing the best of open source and the “Apache Way!”
Apache Ranger is in its fourth release since it was first included in Hortonworks Data Platform (HDP) and is currently in production use at more than a hundred enterprises indicating the maturity, adoption, and validation of our community’s efforts. Given the evolution of Hadoop to cloud and hybrid deployments and the need to secure data in a fine-grained manner across different deployment models, the interest in Apache Ranger comes as no surprise. Below is what some of the users have to say about the role Apache Ranger has played in protecting data at their respective organization, as expressed in the ASF press release:
“As early adopters of Apache Ranger and having contributed to Apache Ranger, we have come to rely upon Apache Ranger as a key part of our security infrastructure for data,” said Ferd Scheepers, Chief Information Architect at ING. “We are therefore pleased to learn that the project has now graduated to a TLP project through the efforts of the Apache community. We believe that Apache Ranger represents the best-in-class Open Source security framework for authorization, encryption management, and auditing across Hadoop ecosystem. We laud the community’s efforts in building an extensible and enterprise grade architecture for Apache Ranger, and for innovative features such as tag or classification based security (built in conjunction with Apache Atlas). We congratulate the Apache Ranger community on achieving this significant milestone and are confident Apache Ranger will evolve into the de-facto standard for security stack across the Hadoop ecosystem.”
As noted above, in this evolution to an Apache TLP, Apache Ranger community has built industry’s first tag based security policy infrastructure for Hadoop ecosystem that provides automatic and dynamic enforcement of policies based on data classification.
Furthermore, as noted in the ASF press release, Apache Ranger has added many advanced security features that provide highly sophisticated data-centric security:
“As heavy users of Apache Ranger in production, we are pleased to see the project become a TLP through validation across community efforts,” said Timothy R. Connor, Big Data & Advanced Analytics Manager at Sprint. “Apache Ranger has built a next generation ABAC model for authorization along with a robust data-centric open source security framework supporting advanced security capabilities such as dynamic row filtering and column masking. All of these point to Apache Ranger maturing into a robust and comprehensive security product for authorization, encryption management, and auditing through the Apache community.”
From inception, Apache Ranger community has strongly advocated for an extensive and healthy partner ecosystem by providing easy extension points as well as comprehensive open API and interfaces for community and partners to add new systems for authorization even if they are outside of Hadoop ecosystem. As noted in the ASF release:
“It’s great to see Apache Ranger become a TLP,” said Dominic Sartorio, Senior Vice President of Products & Development at Protegrity. “Apache Ranger’s comprehensive auditing and broad authorization coverage across the Hadoop ecosystem, along with its highly scalable and extensible architecture and a rich set of APIs, integrates very well with Protegrity’s fine-grained data protection capabilities. Our continued collaboration with the Apache Ranger community will help meet the data security requirements of the next generation of enterprise-grade production Hadoop deployments.”
We would like to congratulate Apache Ranger community once more for achieving this historic milestone! We at Hortonworks look forward to continuing to work closely with the community and our customers to move the project forward. In the next part of this blog, we will highlight some of the key capabilities that the Apache Ranger community has helped build and solidify since the project started in incubation as well as the rationale and applications of those capabilities to securing big data infrastructure.