This page lists design documents for key components of HAWQ.
Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem. With the advent of Apache YARN, the Hadoop platform can now support a true data lake architecture. Enterprises can potentially run multiple workloads, in a multi tenant environment. Data security within Hadoop needs to evolve to support multiple use cases for data access, while also providing a framework for central administration of security policies and monitoring of user access.
To keep align with Hadoop eco-system, HAWQ is supporting the integration with Ranger so that HAWQ privileges can be defined in a central Ranger UI. Below is the design documents and JIRA list for Ranger Integration.
- HAWQ Ranger Integration Design Document
- HAWQ Ranger Plugin Service Design Document
- Umbrella JIRA for HAWQ Ranger Integration
HAWQ TDE Support
HDFS implements transparent, end-to-end encryption: 1) data read from and written to special HDFS directories is transparently encrypted and decrypted without requiring changes to user application code; 2) data can only be encrypted and decrypted by the client which enable at-rest encryption as well as in-transit encryption. Data encryption is required by a number of different government, financial, and regulatory entities.
The support of TDE in Apache HAWQ make sure user data, especially important data, can be secured during data access. Though there is performance penalty when it is enabled.