Privacera-EMR Apache Ranger Integration

By: Vince Goveas

In January, Amazon EMR launched support for Apache Ranger, adding native support for Apache Hive, Apache Spark, and Amazon S3 via Amazon EMR File system (EMRFS). 

Until recently, EMR customers had to enable Apache Ranger support using self-managed plugins. Now, with PrivaceraCloud, EMR customers can take advantage of a scalable, fully-managed SAAS solution for Apache Ranger Admin server– removing the need to manually manage plugins, reducing the burdens on data teams and administrators, and providing automated security, privacy, and governance from a centralized location. 

Apache Ranger Evolution to PrivaceraCloud

Apache Ranger is an open-source authorization platform used by thousands of companies to implement consistent access control policies across Hadoop data lakes. Privacera CEO, CTO, and VP of Engineering, Balaji Ganesan, Don Bosco Durai, and Selvamohan Neethiraj, respectively, were the original architects of the commercial software that later became Apache Ranger. Apache Ranger’s centralized approach to defining, administering, and managing security policies enables administrators to define precise, intuitive security policies at a fine-grained level for each Hadoop component. For a deeper dive into Apache Ranger, read our blog. 

Built on Apache Ranger’s trusted foundation, PrivaceraCloud is a SaaS-based data access governance solution that extends Ranger’s on-premises capabilities to public cloud services. EMR customers leveraging EMR version 5.3 can quickly and easily start using Apache Ranger-enabled services without having to install or manage Apache Ranger, which includes Ranger Administration Server, Ranger User Sync, Ranger TagSync, Apache Solr, Database, and more. Apache Ranger plug-ins in EMR can be configured to use the policies from PrivaceraCloud by setting only 2 properties, the Ranger Admin URL for policies and Solr URL for Audits. Additionally, multiple EMRs can point to the same PrivaceraCloud account, ensuring customers need only configure policies once for consistency across multiple EMR instances.

Integration Overview 

PrivaceraCloud enables customers to have fine-grained access control on their EMR clusters for Hive, Presto, and Spark services using the Apache Ranger framework. With PrivaceraCloud, customers get access to the Ranger plugin model for access control within EMR, enabling the same fine-grained access control capabilities at the database-, table-, and column-level, as well as column-level security with row filtering and column masking. 

In addition to EMR, PrivaceraCloud also supports additional AWS services, including: 

• AWS RedShift using Policy Sync
• Amazon RDS for PostgreSQL using Policy Sync
• AWS S3 using Privacera Data Access Server (Proxy)
• AWS Athena using Privacera Data Access Server

Key Benefits

With Privacera’s extended Apache Ranger capabilities, EMR users are not required to manually install or configure Apache Ranger Policy Server; users can seamlessly configure their EMR deployments to PrivaceraCloud in minutes– without installing software, or self-managing upgrades and maintenance. PrivaceraCloud provides users:

• Ranger Policy Server out of the box
• Trusted Apache Ranger capabilities extended to cloud-native platforms 
• Centralized, fine-grained access control, including column-level access control across AWS services
• Rapid deployment and ease of use 
• Automated access policy migration for reduced operational burdens 
• Centralized auditing and reporting for comprehensive visibility of sensitive data usage
• Out-of-the-box, customizable reports and dashboards for easy compliance with industry and privacy regulations 

Apache Ranger is a highly successful access control platform in use at thousands of companies around the world, and Privacera reinforces its foundation with a cloud-native service offering built on top of Kubernetes that is highly scalable and easy to upgrade. Additionally, Privacera provides single pane visibility across all AWS services, as well as Azure and Google Cloud, to deliver consistent governance and access controls. 

Setting Up Your PrivaceraCloud Account

Read our step-by-step guide to set up your account within minutes. 

To learn more about how Privacera, powered by Apache Ranger, works seamlessly with AWS EMR to enable secure cloud data sharing with centralized access control, governance, and compliance, request a demo here.