Securing Starburst Enterprise #
Learn how to safeguard your data with Starburst Enterprise platform (SEP)’s security toolkit in this training video presented by one of our founders, Dain Sundstrom. For your convenience, we’ve divided the video training course up into topic sections, and provided links to the relevant parts of our documentation below.
Introduction #
- SEP security process
- What to secure
- Preparing: Verifying HTTP
Running time: ~11 min.
Client to server encryption #
- Approaches for HTTPS, including proxies and load balancers
- Adding SSL/TLS certificates
- Handling PEM and JKS files
- Verifying HTTPS for SEP
Running time: ~19 min.
Authentication and authorization in SEP #
- Password file authentication
- LDAP authentication (See also: group providers)
- Kerberos authentication (See also: passthrough)
- Client certificate authentication
- JSON Web Token authentication
- Using multiple authenticators
- Authentication with user mapping
- Overview of authorization
- File-based system access control
Running time: ~34 min.
Securing SEP’s internal communications and management endpoints #
Documentation for the material covered in this section is found here.
- Securing the Starburst cluster itself
- Shared secret
- Internal HTTPS
- Secrets management
- Management endpoints
Running time: ~16 min.
Hive catalog security #
We recommend the following additional reading, which covers enabling SEP’s powerful role-based global access control:
- Access control overview
- Global access control with Apache Ranger
- Global access control with Privacera
- Built-in system access control
While we strongly recommend implementing global access control, you can still secure Hive at the catalog level if your particular situation makes that necessary. Documentation covering the various options for securing Hive at the catalog level can be found as follows:
- Configuring Hive security
- Hive-level security with Apache Ranger
- Hive-level security with Privacera
- Hive-level security with Apache Sentry