
ADMIN-332: Securing Cloudera on premises
The significant improvements in CDP architecture and tools make CDP “Secure by Design.” The Cloudera Data Platform is intended to meet the most demanding technical audit standards. This four-day hands-on course is presented as a project plan for CDP administrators to achieve technical audit standards. The first project stage is implementing Perimeter Security by installing host level security and Kerberos. The second project stage protects Data by implementing Transport Layer Security using Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). The third project stage controls Access for users and to data using Ranger and Atlas. The fourth stage teaches Visibility practices for auditing systems, users, and data usage. This project stage also analyzes applications in terms of vulnerabilities and introduces CDP practices for Risk Management in a fully secured Cloudera Data Platform.
Students who successfully complete this course will be able to:
- Explore CDP Security Models and Pillars.
- Implement Isolated Networks for enhanced security.
- Design Architecture for Network Security.
- Evaluate Identity Management options.
- Implement PAM, LDAP, and define Roles in Cloudera Manager.
- Implement Quality Controlled Hosts and meet CDP Requirements.
- Encrypt Network Traffic and deploy TLS using Auto-TLS and SASL.
- Ensure Authentication with Kerberos.
Security Management
- CDP Security Models
- CDP Security Pillars
- CDP Security Levels

Project Planning
- The Importance of Project Planning
- Roles and Responsibilities

Isolated Networks
- Architecture for Network Security
- Building an Isolated Network

Identity Management
- FreeIPA or Active Directory
- Identity Management Architecture
- Pluggable Authentication Modules
- Lightweight Directory Access Protocol
- Cloudera Manager Roles
- Managing Super Users

Quality Controlled Hosts
- CDP Requirements for Hosts
- Recommendations for deployment hosts

Encrypt Network Traffic
- Theory for Security Protocols
- Tools: openssl and keytool
- Architecture for Certificate Authorities
- Deploying TLS using Auto-TLS
- Deploying SASL

Authentication with Kerberos
- Architecture for Kerberos
- Kerberos CLI
- Deploying Kerberos
- Managing CDP services within Kerberos

Shared Data Experience (SDX)
- Architecture for Apache Ranger
- Deploying Ranger
- Deploying Infra Solr
- Deploying Atlas

Data at Rest
- Theory for KMS with KTS
- Deploying KMS with KTS
- Encrypting Data at Rest

Single Sign-On with Knox Gateway
- Architecture for Knox Gateway
- Installing Knox Gateway
- Deploying Knox Gateway SSO
- Accessing services through Knox Gateway

Authorization with Ranger
- Creating Ranger Data Encryption Zones
- Creating Ranger Security Zones
- Creating Ranger resource policies
- Creating Ranger masking policies

Classify Data with Atlas
- Ranger Policies for Atlas
- Searching Atlas
- Classifying Data with Tags
- Creating Ranger Tag Policies
- Creating Ranger Masking Policies

Audit CDP
- Auditing access on hosts
- Auditing users with Ranger
- Auditing lineage with Atlas
- Troubleshooting with Audits

Commission CDP
- Validating Security Level 2
- Checklist for commissioning CDP

Achieving Compliance
- Regulatory Compliance
- Roadmap to Security Level 3
This immersion course is intended for Linux Administrators who are taking up roles as CDP Administrators. We recommend a minimum of 3 to 5 years of system administration experience in industry. Students must have proficiency in Linux CLI. Knowledge of Directory Services, Transport Layer Security, Kerberos, and SQL select statements is helpful. Prior experience with Cloudera products is expected; experience with CDH or HDP is sufficient. Students must have access to the Internet to reach Amazon Web Services.



