You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by Hellmar Becker <be...@hellmar-becker.de> on 2015/01/13 09:46:13 UTC

Question about Ranger architecture

Good morning,

We are planning to use Ranger to secure our (Hortonworks based)  
datalake at ING Bank. In this context, a few questions came up:

- I read that Ranger deploys plugins to the HDFS, Hive, and HBase  
services that implement access control. Do these plugins run as  
separate processes or more like dynamic libraries inside the main  
service?
- What happens if one of the plugins goes down or becomes unavailable?  
Will the services then be unsecured, or closed to all, or even unable  
to run?

Kind regards,
Hellmar Becker


========================================
Hellmar Becker
Edmond Audranstraat 55
NL-3543BG Utrecht
mail: becker@hellmar-becker.de
mobile: +31 6 29986670
========================================

Re: Question about Ranger architecture

Posted by Alok Lal <al...@hortonworks.com>.

Let me build on to what Gautam has said, anticipating a question that you
may have given that our plugins run in-process.  Plugins do rely on the
policy manager (a Separate process running on some different machine on the
cluster) to get updates to policies.  What happens if a plugins can't read
the policy server?  The plugins keep a snapshot of last known valid set of
policies in a durable local cache and hence are resilient to network
partitions that may make policy manager unreachable.

Best,

On Tue, Jan 13, 2015 at 4:21 AM, Gautam Borad <gb...@gmail.com> wrote:

> Hi Hellmar,
>     Good to know that you are planning to use Ranger. Please find my
> answers inline.
>
> On Tue, Jan 13, 2015 at 2:16 PM, Hellmar Becker <be...@hellmar-becker.de>
> wrote:
>
> > Good morning,
> >
> > We are planning to use Ranger to secure our (Hortonworks based) datalake
> > at ING Bank. In this context, a few questions came up:
> >
> > - I read that Ranger deploys plugins to the HDFS, Hive, and HBase
> services
> > that implement access control. Do these plugins run as separate processes
> > or more like dynamic libraries inside the main service?
> >
>
> These plugins run as part of the component (namenode, master, etc)
> processes. There is no separate process that is run.
>
>
> > - What happens if one of the plugins goes down or becomes unavailable?
> > Will the services then be unsecured, or closed to all, or even unable to
> > run?
> >
> >
> As mentioned above, since after installation the plugins are part of the
> actual process, there is no scenario where the "plugins" will go down.
>
>
> > Kind regards,
> > Hellmar Becker
> >
> >
> > ========================================
> > Hellmar Becker
> > Edmond Audranstraat 55
> > NL-3543BG Utrecht
> > mail: becker@hellmar-becker.de
> > mobile: +31 6 29986670
> > ========================================
> >
> >
>
>
> --
> Regards,
> Gautam.
>



-- 
"* ... there is nothing more secure then a computer which is not connected
to the network --- and powered off!...*" - from Kerberos Introduction
<http://web.mit.edu/Kerberos/www/#what_is>

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: Question about Ranger architecture

Posted by Gautam Borad <gb...@gmail.com>.

Hi Hellmar,
    Good to know that you are planning to use Ranger. Please find my
answers inline.

On Tue, Jan 13, 2015 at 2:16 PM, Hellmar Becker <be...@hellmar-becker.de>
wrote:

> Good morning,
>
> We are planning to use Ranger to secure our (Hortonworks based) datalake
> at ING Bank. In this context, a few questions came up:
>
> - I read that Ranger deploys plugins to the HDFS, Hive, and HBase services
> that implement access control. Do these plugins run as separate processes
> or more like dynamic libraries inside the main service?
>

These plugins run as part of the component (namenode, master, etc)
processes. There is no separate process that is run.


> - What happens if one of the plugins goes down or becomes unavailable?
> Will the services then be unsecured, or closed to all, or even unable to
> run?
>
>
As mentioned above, since after installation the plugins are part of the
actual process, there is no scenario where the "plugins" will go down.


> Kind regards,
> Hellmar Becker
>
>
> ========================================
> Hellmar Becker
> Edmond Audranstraat 55
> NL-3543BG Utrecht
> mail: becker@hellmar-becker.de
> mobile: +31 6 29986670
> ========================================
>
>


-- 
Regards,
Gautam.