Security

You have the following options for securing your BDD cluster.

Kerberos and Sentry

Kerberos is a third-party tool that enables secure communication between the individual nodes in your cluster. Sentry is a Hadoop component that controls access to your data within Hive. BDD supports integration with both to ensure the security of your cluster and data.

Note: If you're deploying BDD to a production environment, Oracle strongly recommends enabling both Kerberos and Sentry.

If you want to enable Kerberos and/or Sentry for your BDD cluster, you must set them up on your Hadoop cluster before you install BDD. You must also configure BDD to integrate with them to ensure it can interact with Hadoop and access the data it requires. For more information, see Kerberos and Sentry requirements.

SSL

Currently, you can't configure SSL for the inward-facing ports between BDD components. Oracle therefore recommends that you deploy BDD behind a firewall. You can, however, enable SSL on Studio's outward-facing ports in one or both of the following ways:

  • Enable encryption through WebLogic Server. You can do this in the BDD configuration file. This method activates WebLogic's default demo keystores, which you should replace with your own certificates after deployment. For more information, see Replacing certificates.
  • Set up a reverse-proxy server. For instructions on how to do this, see About reverse proxies.

Note: These methods don't enable encryption on the inward-facing port on which the Dgraph Gateway listens for requests from Studio.
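
The demo-keystore caveat above can be verified after deployment by inspecting the certificate that Studio's outward-facing port actually presents. The script below is an added example, not part of Oracle's documentation or the BDD tooling; it assumes WebLogic demo certificates carry "OU=FOR TESTING ONLY" in their distinguished name or are issued by a CertGenCA/CertGenCAB demo CA (confirm this against your own installation), and the host and port are values you supply.

```shell
#!/bin/sh
# Added example: flag a TLS endpoint that still serves a WebLogic demo certificate.
# Assumption: demo certificates contain "OU=FOR TESTING ONLY" or are issued by a
# CertGenCA/CertGenCAB demo CA. Confirm against the keystores in your own install.

# classify_cert_dn SUBJECT ISSUER
# Prints one of: demo | self-signed | ok
classify_cert_dn() {
    subject=$1
    issuer=$2
    case "$subject $issuer" in
        *"FOR TESTING ONLY"*|*CertGenCA*) echo demo; return ;;
    esac
    if [ "$subject" = "$issuer" ]; then
        echo self-signed   # not a demo cert, but not issued by a CA either
    else
        echo ok
    fi
}

# check_endpoint HOST PORT
# Fetches the leaf certificate and classifies it.
# Returns 0 only when the verdict is "ok", 2 when no certificate could be read.
check_endpoint() {
    pem=$(openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null) || return 2
    subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject 2>/dev/null | sed 's/^subject= *//')
    issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    if [ -z "$subject" ]; then
        echo "no certificate read from $1:$2" >&2
        return 2
    fi
    verdict=$(classify_cert_dn "$subject" "$issuer")
    echo "$1:$2 $verdict (issuer: $issuer)"
    [ "$verdict" = ok ]
}

# Usage: sh check_studio_cert.sh HOST PORT   (file name is hypothetical)
if [ $# -eq 2 ]; then
    check_endpoint "$1" "$2"
fi
```

Run it against the address users actually connect to; if a reverse proxy terminates SSL, run it against the WebLogic listener as well, since the proxy's certificate says nothing about the keystore behind it.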