Security Configuration
This section documents how to configure a secure Ozone cluster in a production environment.
📄️ Administrators
Ozone identifies administrators through specific configuration properties, allowing for fine-grained control over administrative access. These properties define users and groups with elevated privileges or with read-only administrative access.
📄️ Kerberos
Ozone depends on Kerberos to make clusters secure. Historically, HDFS has supported running in isolated secure networks, where it is possible to deploy without securing the cluster.
📄️ HTTPS
This document describes how to configure Ozone HTTP web-consoles to require user authentication.
📄️ Apache Knox
TODO: File a subtask under HDDS-9859 and complete this page or section.
🗃️ Encryption
2 items
📄️ Apache Ranger
Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform and beyond. Apache Ranger has supported authorization for Ozone since version 2.0. However, due to improvements and bug fixes, using the latest release is recommended.
📄️ Securing S3 Secrets
By default, S3 secrets are stored in the Ozone Manager’s RocksDB. For enhanced security, Ozone can be configured to use HashiCorp Vault as an external secret storage backend.