Reply
Highlighted
Posts: 68
Topics: 0
Kudos: 11
Solutions: 9
Registered: ‎01-05-2015

Re: Enable SSL for CDH 5.15 Cluster

[ Edited ]

Hello AKB,

 

Unfortunately the answer to your question is, no. It will not be easier or better to rely soley on TLS termination on a reverse proxy. For most balancing/proxying algorithims, hardware, and software we recommend TCP Passthrough which means that all Hadoop services must still have TLS properly deployed as well as enabled.

 

If you cluster is accessible by any external network we would advise that you properly deploy both Kerberos and TLS on your cluster.

Senior Customer Operations Engineer | Security SME | Cloudera, Inc.
Announcements