This lab explains the steps needed to enable Apache Ranger on HDInsight using Enterprise Security Package(ESP).
HDInsight ESP uses Azure Active Directory Domain Services(AAD-DS). Hence there is a need for us to create AAD-DS and related resources before we can begin with enabling ESP in HDInsight.
A discussion on the architecture of the setup can be found here.
Only portal-based creation is discussed in this blog, but the same can be automated through ARM scripts. The names and regions used in this blog are not mandatory and can be chosen as per the customer requirements.
What you need?
- An Azure subscription with Owner access on the Azure Active directory. You could use the Azure Trial Version or MSDN Credits to get one.
- Contributor access on the subscription allowing the creation of HDInsight Clusters.
Stages( Needs Azure Subscription with Owner access to AAD to create an AADDS)
- Set up Azure Active Directory Domain Services( AAD-DS).
- Create ESP enabled HDInsight cluster
- Create and test Ranger policies on HDInsight cluster.
Or
Stages(When AADS is already created for you)
- AAD-DS is already set up and is provided.
- Create ESP enabled HDInsight cluster with provided credentials. Click to access credentials.
- Create and test Ranger policies on HDInsight cluster.
Please do complete the HDInsight Survey for us to be able to better design the product according to customer and partner preferences.