HDP Champlain and Argus

HDP Champlain and Argus

About Argus ?

Argus is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.The vision with Argus is to provide comprehensive security across the Apache Hadoop ecosystem.

With the advent of Apache YARN, the Hadoop platform can now support a true data lake architecture. Enterprises can potentially run multiple workloads, in a multi tenant environment. Data security within Hadoop needs to evolve to support multiple use cases for data access, while also providing a framework for central administration of security policies and monitoring of user access.

Argus will deliver this comprehensive approach to central security policy administration across the core enterprise security requirements of authentication, authorization, accounting and data protection. It already extends baseline features for coordinated enforcement across Hadoop workloads from batch, interactive SQL and real–time IN Hadoop.

The extensible architecture of this security platform is leveraged to apply policies consistently against additional Hadoop ecosystem components (beyond HDFS, Hive, and HBase) including Storm, Solr, Spark, and more. It truly represents a major step forward for the Hadoop ecosystem by providing a comprehensive approach – all completely as open source.

CENTRAL SECURITY ADMINISTRATION

  • Delivers a ‘single pane of glass’ for the security administrator
  • Centralizes administration of security policy
  • Ensures consistent coverage across the entire Hadoop stack

Authorization Policies can be setup through the Ambari console Policy Manger UI. Argus stores the policies centrally and enforecement happen at each component level. Along with enforcement, audit data is also collected for each of the request that comes in providing a detailed audit data at one place from which reports can be generated.

Under the Hood - How it works ?

An Administration Portal is provided which sits on top of an audit server and policy server. The policy server has a policy DB where the policies are stored and this is then transported to plugins. Ideally, the plugins pull these policies at regular intervals, which sit within each component and provides the enforcement. Currenlty HBASE / HIVE & HDFS plugins are available, and also for KNOX & STORM as part of the Champlain release.

Argus Integration

Reference - www.Hortonworks.com