Good morning Thuy, We are focused on multiple layers of security, beginning with the firewall but also local access control and monitoring down to individual processes running in the environment.
Kerberos is a mechanism that is discussed as a security mechansim and I have had it working with Active Directory and a UNIX-based Kerberos provider (Ldap as well). Ranger provides a lot of auditing and insight. In our environment, we have a moat around the cluster with strictly controlled and monitored access points. Cheers, Tom. On 2020-04-08 14:16:13-07:00 ThuyT wrote: Hello all, Has anyone try to secure Apache Metron cluster? I scanned for open ports and there are about 30-50 open ports on each node of my 4-node cluster. I know Storm uses majority of these ports for workers. I've enabled SSL on a few component services, but don't know how to secure all open ports. Any thoughts or ideas are welcome and appreciated. thanks, ~ Thuy
