× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

Re: Centrify's Privileged Identity Management Solution for Big Data

Centrify's Privileged Identity Management Solution for Big Data

By Centrify Contributor I on ‎09-04-2015 04:16 PM

Over the last few years as you know we have been working with 40+ enterprises accross 6 major industry verticals to enable Hadoop cluster move to production by securing the clusters from cyber threats. 

 

Centrify's Server Suite Secures Hadoop by proividing: 

1.AD-based IAM for Hadoop environments

2.Machine & service account management

3.SSO for IT admins & data scientists

4.Role-based privilege management

5.Session auditing for regulatory compliance

 

Attached below the latest integration guides for each of the 3 vendors - Cloudera, Hortonworks, MapR.  We've made updates to our old guides (1, 2, 3).

Comments
By Centrify
on ‎12-31-2015 07:59 AM

Note: The centrify.mapr.pdf was based on MapR 4.1 and Centrify Suite 2015.1.  We have verified the securing procedure applies to MapR 5.0 and Centrify Suite 2016. 

By Centrify Contributor I
on ‎04-11-2016 04:44 PM - last edited ‎04-20-2016 01:25 PM

Excited to publish an updated version of Centrify + Hadoop guides.

 

Please find attached the latest guides for Hortonworks, Cloudera & MapR here

 

We will update docs.centrify.com soon with the latest guides as well.

By tomas47966
on ‎07-13-2017 01:49 AM

Hi, 

 but what if I would like to setup AD plus Centrify but keep Cloudera with my MIT KDC where I want to store the service account, and want to use AD integration just for the user-group mapping (NSS)? Is it even possible to have this kind of setup?

 

Because we are using in production Clouder with dedicated KDC and now there is a request to manage authorization for users, and based on Cloudera recommendation it should be done on OS level.

 

So if we have  NICE.COMPANY.COM active directory and a hadoop cluster like PROD.CLOUDERA.NET KDC where all the service accounts are, and I have "Bob" in AD who is in Marketing group, and in Sentry I created the role marketing_reader, is it possible to integrate all the nodes that when bob will access via Impala (AD login) and run a query, hadoop will ask where bob belongs, so I need to make sure that the call is directed to AD and marketing is returned.

 

Thanks!

Tomas

By Centrify Guru I
on ‎07-13-2017 06:26 AM

@tomas47966,

 

Sure, that's absoutely possible (a hybrid setup - quite common in EDUs or research organizations), however we would not understand why would you keep such a complex architecture when the whole point is to simplify the deployment (by eliminating the MIT Kerberos which is a duplication of identities) and gain more benefits such as least-access privilege management, and optionally capabilities like MFA or Session Capture and replay.

 

Reply to this post if you'd like our Hadoop specialists have a conversation about your plans.

 

 

R.P

By tomas47966
on ‎07-14-2017 02:30 AM

Yes I would like to have a chat about this setup. But does it require the enteprise version of the tool? 

By Centrify Guru I
on ‎07-14-2017 08:41 AM

 

@tomas47966,

 

Yes  you need to have a commercial version of Centrify to take full advantage of the capabilities.  Use the contact shortcut above to follow-up if this is reasonable.

Showing results for 
Search instead for 
Do you mean 
Labels

Community Control Panel