MapR has introduced native security authentication and authorization for the MapR Distribution for Apache Hadoop. MapR’s security enhancments are aimed at enabling businesses to secure all of the Hadoop ecosystem components through a self-contained security model that provides protection against security threats including user impersonation, rogue daemons and malicious remote procedure calls. With MapR’s strong, wire-level authentication, all access control on tables, columns, jobs, queues and volumes are protected. MapR’s native authentication also protects ecosystem projects such as Apache Hive and Drill.
Kerberos authentication or native Hadoop authentication scheme
Organizations have the flexibility to choose between an existing Kerberos authentication scheme and a native Hadoop authentication scheme.
With this release, MapR integrates transparently with Kerberos but in addition, clients that don’t have Kerberos installed or don’t want to deploy it in some departmental application, are also provided with a native authentication option that works in a similar way and requires a user name and password and checks and integrates with the centralized enterprise directory service such as Active Directory or LDAP, explains Jack Norris, chief marketing officer of MapR, in an interview. “From that point on, all the communication to and across the Hadoop cluster is strongly authenticated. It is a very straightforward and simple process because of the architectural changes that we did within the platform - and it also raises the boat of all the security capabilities and components that are available throughout the ecosystem.”
Broad security capabilities
MapR’s native security of all operations on Hadoop, includes file reads and writes, HBase operations and MapReduce job submissions. In addition, cluster node-node interactions including remote procedure calls are also secured natively.
Hadoop initiates and maintains secure communication across the cluster without requiring third-party infrastructure. Users are authenticated through a simple and secure username/password mechanism that integrates into standard enterprise directory services including LDAP, Active Directory and NIS. All cluster nodes authenticate and interact with each other through secure keys.
Expanded security essential for regulated industries
“The feedback we got from customers in financial services, healthcare, and government is that they were looking for something that was much easier to deploy, and was deeply integrated into Hadoop, and as simple for clients and administrators as simple as web-based applications for online banking. This is the design criteria we brought to this,” said Norris.
While MapR did not see security as an initial barrier for adoption within organizations, it has constrained the use cases and constrained how it was deployed, noted Norris. “With this security and, particularly with this native security, now it can broaden across the organization for more sensitive data and more sensitive applications.”
The MapR Distribution for Apache Hadoop with native authentication is now in beta. For more information about MapR’s security innovations, visit www.mapr.com.