Security
Securing Ozone
Ozone is an enterprise class, secure storage system. There are many optional security features in Ozone. Following pages discuss how you can leverage the security features of Ozone.
If you would like to understand Ozone’s security architecture at a greater depth, please take a look at Ozone security architecture.
Depending on your needs, there are multiple optional steps in securing ozone.
Securing Ozone
Overview of Ozone security concepts and steps to secure Ozone Manager and SCM.
Transparent Data Encryption
TDE allows data on the disks to be encrypted-at-rest and automatically decrypted during access.
GDPR in Ozone
Support to implement the “Right to be Forgotten” requirement of GDPR
Securing Datanodes
Explains different modes of securing data nodes. These range from kerberos to auto approval.
Securing HTTP
Secure HTTP web-consoles for Ozone services
Securing S3
Ozone supports S3 protocol, and uses AWS Signature Version 4 protocol which allows a seamless S3 experience.
Ozone ACLs
Native Ozone Authorizer provides Access Control List (ACL) support for Ozone without Ranger integration.
Apache Ranger
Apache Ranger is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.