You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Hellmar Becker <be...@hellmar-becker.de> on 2015/01/13 09:46:13 UTC
Question about Ranger architecture
Good morning,
We are planning to use Ranger to secure our (Hortonworks based)
datalake at ING Bank. In this context, a few questions came up:
- I read that Ranger deploys plugins to the HDFS, Hive, and HBase
services that implement access control. Do these plugins run as
separate processes or more like dynamic libraries inside the main
service?
- What happens if one of the plugins goes down or becomes unavailable?
Will the services then be unsecured, or closed to all, or even unable
to run?
Kind regards,
Hellmar Becker
========================================
Hellmar Becker
Edmond Audranstraat 55
NL-3543BG Utrecht
mail: becker@hellmar-becker.de
mobile: +31 6 29986670
========================================
Re: Question about Ranger architecture
Posted by Alok Lal <al...@hortonworks.com>.
Let me build on to what Gautam has said, anticipating a question that you
may have given that our plugins run in-process. Plugins do rely on the
policy manager (a Separate process running on some different machine on the
cluster) to get updates to policies. What happens if a plugins can't read
the policy server? The plugins keep a snapshot of last known valid set of
policies in a durable local cache and hence are resilient to network
partitions that may make policy manager unreachable.
Best,
On Tue, Jan 13, 2015 at 4:21 AM, Gautam Borad <gb...@gmail.com> wrote:
> Hi Hellmar,
> Good to know that you are planning to use Ranger. Please find my
> answers inline.
>
> On Tue, Jan 13, 2015 at 2:16 PM, Hellmar Becker <be...@hellmar-becker.de>
> wrote:
>
> > Good morning,
> >
> > We are planning to use Ranger to secure our (Hortonworks based) datalake
> > at ING Bank. In this context, a few questions came up:
> >
> > - I read that Ranger deploys plugins to the HDFS, Hive, and HBase
> services
> > that implement access control. Do these plugins run as separate processes
> > or more like dynamic libraries inside the main service?
> >
>
> These plugins run as part of the component (namenode, master, etc)
> processes. There is no separate process that is run.
>
>
> > - What happens if one of the plugins goes down or becomes unavailable?
> > Will the services then be unsecured, or closed to all, or even unable to
> > run?
> >
> >
> As mentioned above, since after installation the plugins are part of the
> actual process, there is no scenario where the "plugins" will go down.
>
>
> > Kind regards,
> > Hellmar Becker
> >
> >
> > ========================================
> > Hellmar Becker
> > Edmond Audranstraat 55
> > NL-3543BG Utrecht
> > mail: becker@hellmar-becker.de
> > mobile: +31 6 29986670
> > ========================================
> >
> >
>
>
> --
> Regards,
> Gautam.
>
--
"* ... there is nothing more secure then a computer which is not connected
to the network --- and powered off!...*" - from Kerberos Introduction
<http://web.mit.edu/Kerberos/www/#what_is>
--
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to
which it is addressed and may contain information that is confidential,
privileged and exempt from disclosure under applicable law. If the reader
of this message is not the intended recipient, you are hereby notified that
any printing, copying, dissemination, distribution, disclosure or
forwarding of this communication is strictly prohibited. If you have
received this communication in error, please contact the sender immediately
and delete it from your system. Thank You.
Re: Question about Ranger architecture
Posted by Gautam Borad <gb...@gmail.com>.
Hi Hellmar,
Good to know that you are planning to use Ranger. Please find my
answers inline.
On Tue, Jan 13, 2015 at 2:16 PM, Hellmar Becker <be...@hellmar-becker.de>
wrote:
> Good morning,
>
> We are planning to use Ranger to secure our (Hortonworks based) datalake
> at ING Bank. In this context, a few questions came up:
>
> - I read that Ranger deploys plugins to the HDFS, Hive, and HBase services
> that implement access control. Do these plugins run as separate processes
> or more like dynamic libraries inside the main service?
>
These plugins run as part of the component (namenode, master, etc)
processes. There is no separate process that is run.
> - What happens if one of the plugins goes down or becomes unavailable?
> Will the services then be unsecured, or closed to all, or even unable to
> run?
>
>
As mentioned above, since after installation the plugins are part of the
actual process, there is no scenario where the "plugins" will go down.
> Kind regards,
> Hellmar Becker
>
>
> ========================================
> Hellmar Becker
> Edmond Audranstraat 55
> NL-3543BG Utrecht
> mail: becker@hellmar-becker.de
> mobile: +31 6 29986670
> ========================================
>
>
--
Regards,
Gautam.