What Is Apache Ranger ?
● For data security across the Hadoop platform
● A framework to enable, monitor and manage security
● Supports security in
– A multi-tenant data lake
– Hadoop ecosystem
● Open source / Apache 2.0 license
● Administration of security policies
● Monitoring of user access
● Offers central UI and REST APIs
What Is Apache Ranger ?
● Manage policies for resource access
– File, folder, database, table, column
● Policies for users and groups
● Has audit tracking
● Enables policy analytics
● Supports decentralized data ownership
Ranger Projects
● Which projects does Ranger support ?
– Apache Hadoop
– Apache Hive
– Apache HBase
– Apache Storm
– Apache Knox
– Apache Solr
– Apache Kafka
– YARN
– ATLAS
● No additional OS level process to manage
Ranger Enforcement
● Ranger enforces policy with Java plugins
● Which run as part of the same process i.e.
– Namenode (HDFS)
– HiveServer2 (Hive)
– HBase server (HBase)
– Nimbus server (Storm)
– Knox server (Knox)
Ranger User Interface
● Ranger has a central user interface
● This interface has tabs for
– Access
– Admin
– Login Sessions
– Plugins
– Plugin Status
– User Sync
Ranger UI Access Tab
● Provides service activity details
● For policies that have Audit enabled - see
– Policy id, time, user, service, resource, access, result,
– ACL, ip, cluster
● Search on
– User, cluster, time, service, result, ip, access, acl
● Filter audit data as required to monitor activity
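An added example (not from the original slides) of the kind of filtering the Access tab supports, run offline over exported audit rows. The row keys mirror the columns listed above; the sample rows, the `hdfs_demo` service name and the threshold values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _row(time, user, resource, access, result, ip):
    # Constructed sample row; keys follow the Access tab columns on the slide.
    return {"policy_id": 7, "time": time, "user": user, "service": "hdfs_demo",
            "resource": resource, "access": access, "result": result,
            "ip": ip, "cluster": "demo"}

AUDIT_ROWS = [  # constructed data, not real audit output
    _row("2018-03-01T10:00:05", "etl_svc", "/data/raw/sales", "read", "Allowed", "10.0.0.21"),
    _row("2018-03-01T10:01:10", "jdoe", "/data/hr/payroll", "read", "Denied", "10.0.0.57"),
    _row("2018-03-01T10:01:40", "jdoe", "/data/hr/reviews", "read", "Denied", "10.0.0.57"),
    _row("2018-03-01T10:02:30", "jdoe", "/data/finance", "write", "Denied", "10.0.0.57"),
    _row("2018-03-01T09:00:00", "asmith", "/data/hr/payroll", "read", "Denied", "10.0.0.33"),
    _row("2018-03-01T11:30:00", "asmith", "/data/hr/payroll", "read", "Denied", "10.0.0.33"),
]

def denied_bursts(rows, threshold=3, window=timedelta(minutes=5)):
    """Flag (user, ip) pairs with at least `threshold` denials inside `window`."""
    denied = defaultdict(list)
    for row in rows:
        if row["result"] == "Denied":
            when = datetime.fromisoformat(row["time"])
            denied[(row["user"], row["ip"])].append((when, row["resource"]))
    findings = []
    for (user, ip), events in sorted(denied.items()):
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                resources = sorted({res for _, res in events[start:end + 1]})
                findings.append({"user": user, "ip": ip, "count": count,
                                 "resources": resources})
                break  # one finding per (user, ip) is enough for triage
    return findings

if __name__ == "__main__":
    for finding in denied_bursts(AUDIT_ROWS):
        print(finding)
```
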
Ranger UI Admin Tab
● Provides service administration details
● Shows administration details like
– Operation, audit type, user, date, action, session id
● Search on
– Audit type, user, start date, end date, action, session id
● Filter administration data to monitor
– Actions like create, update, delete, password change
Ranger UI Login Sessions Tab
● Provides service login details
● Shows login details like
– Session id, login id, result, login type, ip, user agent, time
● Search on
– Login id, session id, start date, end date, login type, ip,
– User agent, result
● Filter login data to monitor sessions
● Login type is
– The mode through which the user tries to log in
Ranger UI Plugin Tab
● Provides plugin security agent details
● Shows plugin details like
– Date, service name, plugin id, ip, http response code,
– Status
● Search on
– Plugin ip, plugin id, http response code, start / end date
– Service name, cluster name
● The service name is the Hadoop component i.e.
– HDFS, Hive, HBase
Ranger UI Plugin Status Tab
● Provides plugin security agent status details
● Shows plugin status details like
– Service name, service type, hostname, plugin ip, active date
– Download date, update date, tags
● Search on
– Hostname, plugin ip, service name, service type
● The service name is the Hadoop component i.e.
– HDFS, Hive, HBase
Ranger UI User Sync Tab
● Provides user synchronisation activity details
● Provides a compliance audit trail
● Data from File, LDAP/AD or OS
● Filter on
– User name, start / end date, sync source
Ranger Install OS / RDBMS
● The install guide shows OS support for
– RHEL / CentOS
– Ubuntu
– SUSE
– Debian
● Ranger supports the following RDBMS
– MySQL
– Oracle
– PostgreSQL
– MS SQL
● For storing policy, user, group, audit log information
Ranger Pre Requisites
● What does Ranger need prior to install ?
– JDK
– LDAP/AD for user / AD group synchronisation
– RDBMS – see previous page
– Kerberos
● Ranger install creates the components
– Admin, UserSync, Key Management Service
● Plugins for Ranger services can then be enabled from UI
Ranger - Knox / Kerberos / MySQL / HDFS
Available Books
● See “Big Data Made Easy”
– Apress Jan 2015
● See “Mastering Apache Spark”
– Packt Oct 2015
● See “Complete Guide to Open Source Big Data Stack”
– Apress Jan 2018
● Find the author on Amazon
– www.amazon.com/Michael-Frampton/e/B00NIQDOOM/
● Connect on LinkedIn
– www.linkedin.com/in/mike-frampton-38563020
Connect
● Feel free to connect on LinkedIn
– www.linkedin.com/in/mike-frampton-38563020
● See my open source blog at
– open-source-systems.blogspot.com/
● I am always interested in
– New technology
– Opportunities
– Technology based issues
– Big data integration
