Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Firewall Between Knox and Master/Data nodes

Labels:
avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎06-19-2016 02:46 AM

Need to determine if I would encounter any challenges or gotchas when enabling a firewall between knox and master/data nodes. The security team I am working with is requiring this. Any knowledge share in this area would be AWESOME and helpful

1,579 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank lmccay author-rank
Expert Contributor

Created ‎06-19-2016 01:52 PM

I assume that you mean that Knox will be deployed within a DMZ of sorts between two firewalls. The challenges will be to make sure that the appropriate hosts and ports are available to Knox for accessing the Hadoop components inside the cluster.

View solution in original post

1,389 Views
0 Kudos
3 REPLIES 3

avatar
author-rank lmccay author-rank
Expert Contributor

Created ‎06-19-2016 01:52 PM

I assume that you mean that Knox will be deployed within a DMZ of sorts between two firewalls. The challenges will be to make sure that the appropriate hosts and ports are available to Knox for accessing the Hadoop components inside the cluster.

1,390 Views
0 Kudos

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎06-19-2016 10:23 PM

@lmccay Any performance considerations?

1,389 Views
0 Kudos

avatar
author-rank Matthew_Sharp
Contributor

Created ‎06-30-2016 07:17 PM

Knox was designed for perimeter security and having it outside the firewall allows you to lock down your data/control nodes as stated. This approach makes it easy to hide hosts/ports that may change and provides users with one main access pattern. As mentioned in the other reply your firewall policy needs to account for the hosts/ports used. This is something we have deloyed on our edge node along with Hue and other UI services and fronted with a load balancer for high availability.

1,389 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements