Now available in Azure Government, the Azure HDInsight Enterprise Security Package (ESP) provides Active Directory-based authentication, multi-user support, and role-based access control for HDInsight clusters.
Azure HDInsight offers several methods to address enterprise security needs, and most of these solutions aren’t activated by default. This flexibility allows you to choose the security features that are most important to you. The Enterprise Security Package is designed for organizations where IT teams manage clusters, and multiple application teams share clusters.
Selecting the Enterprise Security Package
You can optionally select the Enterprise Security Package as part of provisioning the HDInsight cluster:
Once you select this add-on feature, you will be able to:
- Integrate the HDInsight cluster with Azure Active Directory Domain Services. As an admin, you can grant domain users access to the cluster This means, that users can use their own corporate (domain) user name and password to access the cluster.
- Configure Role-Based Access Control for Hive, Spark, and Interactive Hive tables using Apache Ranger. Additionally, you can also set file and folder permissions for data stored in Azure Data Lake Store.
- View the audit logs to see who accessed what data and what policy was enforced as part of the access.
Shared responsibility overview for HDInsight
This image summarizes the major system security areas and the solutions for each of these areas with customer/provider responsibility for Azure HD Insight:
0 comments