https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141281#M52252 <P>The only thing you can do is limit which IP's can access your cluster. Basically specifying security rules for inbound traffic (or outbound also). </P><P><A href="http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-groups" target="_blank">http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-groups</A></P> Mon, 23 Jan 2017 14:37:53 GMT mqureshi 2017-01-23T14:37:53Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141278#M52249 <P>Hi All,</P><P>to install/run HDP using Ambari, there are many ports such as 50070 needs to be open</P><P>However on cloud platforms keeping these ports open creates risks</P><P>Is there a way to keep them accessible from the services however blocked from outside internet.</P><P>Thanks,</P><P>Avijeet</P> Fri, 16 Sep 2022 10:56:01 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141278#M52249 avijeetd 2022-09-16T10:56:01Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141279#M52250 <A rel="user" href="https://community.cloudera.com/users/11016/avijeetd.html" nodeid="11016">@Avijeet Dash</A><P>In cloud environment you create cluster within a VPC (AWS) or Azure Virtual network which becomes an extension of your own network. In addition both cloud environments (and other major ones) offers network ACLs. You are not really opening up ports to DMZ. Any practical deployment should use these features regardless of Hadoop.</P> Mon, 23 Jan 2017 14:20:15 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141279#M52250 mqureshi 2017-01-23T14:20:15Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141280#M52251 <P>Thanks <A rel="user" href="https://community.cloudera.com/users/10969/mqureshi.html" nodeid="10969">@mqureshi</A> </P><P>Can you pls confirm for a cluster deployed without VPC - is there any way to secure Hadoop with all these ports open?</P><P>Thinking of KNOX as one way - anything else that can be done quickly, also will KNOX work without LDAP/AD?</P><P>Regards,</P><P>Avijeet</P> Mon, 23 Jan 2017 14:28:19 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141280#M52251 avijeetd 2017-01-23T14:28:19Z https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141281#M52252 <P>The only thing you can do is limit which IP's can access your cluster. Basically specifying security rules for inbound traffic (or outbound also). </P><P><A href="http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-groups" target="_blank">http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-groups</A></P> Mon, 23 Jan 2017 14:37:53 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/ports-required-to-be-open/m-p/141281#M52252 mqureshi 2017-01-23T14:37:53Z