Over the past six months, more than 10 of Hortonworks customers have come to us to explain how they were looking to start using Centrify to secure their Hortonworks Data Platform (HDP) environments. We took the time to understand and enable each of these customers’ use cases around secure and centralized identity management for HDP users and admins. With today’s big data solution announcement from Centrify, we have productized those use cases and lessons, and partnered with Hortonworks to certify the capabilities – allowing us to jointly take this solution to market. With this blog, I want to walk you through some challenges that Hortonworks customers are dealing with, and how Centrify can help with its industry-first identity security solution for HDP.
So what challenges around identity security are Hortonworks customers facing today?
For context, Hadoop has typically been set up by business analysts or developers as a mechanism to respond to business questions posed by individual departments. Because it was originally designed for use on a private network by a limited number of designated users, security was not a primary consideration.
The FIRST challenge for Hortonworks customers is to configure Hadoop in Secure Mode before it enters production. By default, Hadoop runs in non-secure mode, and while businesses can set up an MIT Kerberos environment to ensure that each user and service is authenticated, implementing this system is typically a time-consuming, multi-step process that’s prone to error. Moreover, it creates a parallel identity infrastructure, redundant to most organizations’ Active Directory environments – which already provide Kerberos authentication capabilities.
The SECOND challenge is to strictly control user access for HDP. Granting the right users access to the nodes in the HDP cluster requires identity and access management. We have seen that often times HDP admins are unfamiliar with centrally managing user accounts and their access to the cluster. And centralized access management is essential. Many organizations have hundreds or thousands of nodes inside multiple HDP clusters that, when managed manually, would require a user account to be set up on each individual node.
The THIRD challenge is to control administrative privileges and meet regulatory security requirements for HDP clusters. In order to securely move to production, IT must centralize controls over privileged user access. Assigning IT admins specific privileges across HDP clusters means local root accounts need to be locked down. Such control and visibility is a challenge and businesses remain hard-pressed to find a simple way to manage these privileges and meet auditing and compliance requirements across the distributed Hadoop cluster – especially now that HDP will be in production mode.
I can confidently say that Centrify’s Server Suite solution has now incorporated features to help address these challenges and streamline classic IAM functions that HDP admins are looking for. Simply put, as a Hortonworks Certified Technology Partner, Centrify addresses the identity management and audit needs for the most complex HDP deployments by leveraging Active Directory or existing enterprise identity infrastructure. The result is day-one support for enterprise-wide authentication, access control, privilege management, auditing, and secure machine-to-machine communications which includes HDP clusters, nodes and services.
“Centrify is a welcome member of the Hortonworks Certified Technology Partner Program, demonstrating interoperability between Hortonworks Data Platform (HDP) and Centrify Server Suite. This partnership and certification provides enterprise customers with an Active Directory infrastructure solution to drive their big data projects securely and cost effectively.”
Learn more and see a demo of this solution at Strata+Hadoop World this week, where you can also get a chance to participate in joint contests sponsored by Hortonworks and Centrify to win Moto360 watches, FitBits, $200 Amazon Gift Certificates or Go Pro cameras! See us in booth #1430.